ISO 27001 is the global gold standard for ensuring the security of information known as an Information Security Management System (ISMS). Information security being a vital priority for any business from an ethical and business standpoint. A cyber breach could jeopardise your curret and futuer revenue, as potential clients may require an ISO 27001 report […]

ISO 27001 is the global gold standard for ensuring the security of information known as an Information Security Management System (ISMS).

Information security being a vital priority for any business from an ethical and business standpoint. A cyber breach could jeopardise your curret and futuer revenue, as potential clients may require an ISO 27001 report before working or renewing with your organisation.

ISO 27001 compliance can be simplify this checklist.

Set the scope of your organisation’s ISMS and which are out of scope.
Inform stakeholders.
Implement Plan, Do, Check, Act (PDCA) process to recognise challenges and identify gaps for remediation
Establish an ISMS governing body and governance team.
Conduct an inventory of information assets
Consider all assets where information is stored, processed, and accessible
Record information assets: data and people
Record physical assets: laptops, servers, and physical building locations
Record intangible assets: intellectual property, brand, and reputation
Assign to each asset a classification and owner responsible for ensuring the asset is appropriately inventoried, classified, protected, and handled
Establish and document a risk-management framework with a risk register to ensure consistency
Identify scenarios in which information, systems, or services could be compromised
Determine likelihood or frequency with which these scenarios could occur
Evaluate potential impact of each scenario on confidentiality, integrity, or availability of information, systems, and services
Rank risk scenarios based on overall risk to the organisation’s objectives
Design a response for each risk (Risk Treatment) Assign an accountable owner to each identified risk, with risk mitigation activities and target dates for completion
Complete the Statement of Applicability – 114 controls of Annex A of ISO 27001 standard
Create an Information Security Policy, for establishing, implementing, maintaining, and continually improving the ISMS Including Information Security Objectives Leadership and Commitment Roles, Responsibilities, and Authorities Approach to Assessing and Treating Risk, Control of Documented Information, Communication, Internal Audit, Management Review, Corrective Action, and Continual Improvement for Policy Violations
Establish regular employee training and awareness programs, including common threats, how to respond, disciplinary or sanctions policies.
Perform an internal audit
Address any nonconformities
Conduct annual management reviews with quarterly review cycles
Perform a full ISO 27001 audit once every three years

All sounds a bit daunting, unsure how to get started. Our impartial, part-time Business Technology Leaders are experts in Security. Contact me ([email protected]) for an informal, confidential, impartial, no obligation and free discussion on how we can create transformational business value for you and your business.