This PowerPoint Presentation describes project planning for ISO 27001

1. PROJECT PLAN FOR ISO
27001 IMPLEMENTATION

2. Content
2/25/2019
2
 ISO 27001
 Getting Started
 Project Goals
 Project Key Results
 Schedule
 Project Organization
 Project Risks
 Mitigation of Project Risks
 Tools and Documents
 Reporting

3. ISO 27001
2/25/2019
3
 ISO 27001 is the Information Security
Management System Standard, which is
commonly referred as “Information Technology
– Security Techniques – Information Security
Management Systems – Requirements.”
 ISO/IEC 27001:2013 is the most recent edition
of ISO 27001 Standard

4. ISO 27001
2/25/2019
4
 ISO 27001 defines the requirements as
follows:
 Establishment of Information Security
Management System [ISMS]
 Implementation of ISMS
 Maintenance and continual improvement of ISMS
 It presents a systematic approach to
secure the sensitive information in an
organization

5. ISO 27001
2/25/2019
5

6. Getting Started
2/25/2019
6
 Define the objectives to implement security
improvement program
 Identify the firm’s key processes
 Understand customers’ requirements
 Define the scope by comparing the existing
security with that of requirements as per
ISO27001
 Perform a risk assessment
 Manage the identified risk
 Implement controls
 Prepare and apply for certifications

7. Getting Started
2/25/2019
7
 Walkthrough the standard ISO/IEC 27001,
which clearly defines about clauses.
 Clause 0-3: Introduction with Scope
 Clause 4: Organizational Contexts
 Clause 5: Leadership
 Clause 6: Planning
 Clause 7: Support
 Clause 8: Operation
 Clause 9: Performance Evaluation
 Clause 10: Improvement

8. Project Goals
2/25/2019
8
Project goals:
 To apply ISO 27001 requirements
 To perform ready for certification
 To meet statutory and regulatory requirements
 To identify and address the risks associated
with the firm
 To get ISO 27001 certification by [date] at the
earliest

9. Project Key Results
2/25/2019
9
Results of the ISO 27001 implementation
project:
 ISMS implementation
 Implementation of all required processes
 Obtaining ISO 27001 certification

10. Schedule
2/25/2019
10
Milestone Due date
Project Initiation
Project Planning
Assessment
Implementation and Application
Internal Auditing
Management Review
Corrective Actions and Preventive Actions
Certification Audit
Continual Improvement Setup

11. Project Organization
2/25/2019
11
Name Organizational unit Job title
Project Sponsor: [Enter Project Sponsor’s
name]
Project Manager: [Enter Project Manager’s
name]

12. Project Risks
2/25/2019
12
Key Risks in the project implementation are
the following:
 Extension of deadlines in phase of establishing
process approach
 Extension of deadlines during formation of
process procedures
 Extension of deadlines due to bad selection of
exclusions or migrations from the ISO
27001:2013 standard

13. Mitigation of Project Risks
2/25/2019
13
Measures to reduce project risks:
 The project manager monitors that all activities
in the project are performed within specified
deadlines as per standards
 Consulting with experts to ensure that time or
resources are not spent on activities that are
unimportant for the project.

14. Tools and Documents
2/25/2019
14
The following tools and documents will be
used for the project:
 A shared folder including all documents such
as Word doc, PDFs, Excel files, Project Plans
produced during the project – [Folder name]

15. Reporting
2/25/2019
15
Project Reporting – project reports will be
produced regularly:
 Frequency – Per week or a month
 Responsible – Project Manager

16. Conclusion
2/25/2019
16
 This presentation gives you an outline about
project planning for ISO 27001 Implementation
in the organization.

17. Project plan for ISO 27001
implementation
TechNakama
2/25/2019 17