ISO 27001: ISMS Implementation Plan

4.2, 15.11.2022

ISMS Implementation Toolkit - www.patreon.com/posts/47806655

Stage | ISMS Implementation Toolkit | Output

0. Read ISO 27001 and additional materials. Take a training course.
  ISMS Implementation Toolkit:
  • ISO Survey 2021: ISO 27001 certificates
  • ISO 27001, 27002, 27003, 27005, 27014 mindmaps (ISO 27001, 27002, 27003, 27005)
  • The ISO 27000 Family of Standards
  • ISO 27001. New information security controls, 2022
  • IS Controls Mapping (2013 and 2022)
  • ISMS Required activities
  • ISO 27001 implementation steps (Approaches)
  • My presentation "ISO 27001:2022. What has changed?"
  • Recommendations*
  Output:
  • Basic knowledge
  • Purchased standards

1. Conduct awareness training for the top management
  ISMS Implementation Toolkit:
  • ISO 27001 Intro Presentation*
  Output:
  • Presentation and MoM

2. Conduct a Gap analysis (ISMS and PIMS)
  ISMS Implementation Toolkit:
  • Request documents for GAP analysis
  • ISMS GAP Analysis Report (template)
  • ISMS Required activities
  • Requirements for documented information in ISO 27001 and ISO 27701
  • Cyber Security Principles by ACSC
  • List of documents (template)
  Output:
  • ISMS Gap Analysis report
  • List of ISMS documents (draft)

3. Understand the Context
  ISMS Implementation Toolkit:
  • Privacy Pain Points and Trigger Events
  • Information Security and Data Protection context (mindmap)
  • List of interested parties (example)
  • List of Requirements (template)
  • ISMS Scope (template)
  Output:
  • List of Requirements (draft)
  • ISMS Scope (draft)
  • List of interested parties (draft)
  • Slides for the first IS Committee meeting
  • Organization Chart

4. Plan the implementation
  ISMS Implementation Toolkit:
  • ISMS Implementation Plan
  • ISMS Implementation Schedule
  • ISMS Required activities
  • ISMS Communication plan (example and template)
  • ISMS issues and feedback register (template)
  Output:
  • ISMS Project Charter
  • ISMS Implementation Plan (preliminary)
  • ISMS Communication plan (draft)
  • ISMS issues and feedback register

by Andrey Prozorov, CISM, CIPP/E, CDPSE, LA 27001


www.patreon.com/AndreyProzorov
5. Conduct the first IS Committee meeting
  ISMS Implementation Toolkit:
  • ISMS presentation for the first IS Committee meeting (template)*
  • MoM (template)*
  Output:
  • Presentation and MoM
  • ISMS Communication plan

6. Establish Information Security Policy and Information Security Objectives
  ISMS Implementation Toolkit:
  • Checklist for Information Security Policy and GDPR Policy
  • Information Security Policy (example)
  • Information Security Principles
  Output:
  • Information Security Policy
  • Presentation, MoM and Orders

7. Take an inventory of the assets
  ISMS Implementation Toolkit:
  • List of information assets (template)
  • Information Asset Categories by SoGP 2022
  • Supporting assets mindmap by EBIOS RM
  Output:
  • List of information assets

8. Define a method of risk assessment, identify and assess information security risks
  ISMS Implementation Toolkit:
  • ISO 27005:2022 Overview
  • ISO 27005:2022. Risk Assessment and Treatment processes, mindmaps
  • ISO 27005:2022. Information security risk assessment and treatment processes
  • Examples of typical threats, ISO 27005:2022
  • Lists of common information security threats
  • My list of information security threat events
  • Risk Register Template by ISACA
  • Risk Register Template by NIST
  • IS Risk Register (template)*
  Output:
  • Information security risk management procedure
  • Information security risk assessment methodology
  • Information security risk assessment report / register

9. Prepare Statement of Applicability (SoA) and Risk Treatment Plan (RTP)
  ISMS Implementation Toolkit:
  • ISMS Maturity Levels and Statement of Applicability (SoA) template, 2013 and 2022
  • Risk Treatment Plan (template)*
  Output:
  • Statement of Applicability, SoA (draft)
  • Risk Treatment Plan, RTP

10. Define requirements for documentation management
  ISMS Implementation Toolkit:
  • ISMS Documented Information Policy (template)
  • Templates
  Output:
  • ISMS Documented Information Policy

11. Develop ISMS Framework and define roles and responsibilities
  ISMS Implementation Toolkit:
  • ISMS RACI Chart (example)
  • ISMS Framework (mindmap)
  • ISMS core process by Knut Haufe
  • Information Security Principles
  Output:
  • ISMS Framework. Annexes:
    - RACI Chart
    - ISMS Scope
    - List of interested parties
    - List of Requirements
  • Orders
  • Changes in the Job Descriptions

12. Develop and implement a set of ISMS policies and procedures
  ISMS Implementation Toolkit:
  • ISO 27002:2022 5.1 Policies for information security
  • ISMS Documented Information
  • Information Security Policies. Templates and resources for inspiration
  • Simple Policy Template
  • Set of example policies*
  • Process description (checklist and template)
  • Sanity checklist for ISMS/PIMS documentation
  Output:
  • Set of ISMS policies and procedures
  • SoA (updated)

13. Plan and implement additional information security measures
  ISMS Implementation Toolkit:
  • N/A
  • Information Security Controls. People Controls by ISO 27002:2022
  • Security Levels of Shredders
  Output:
  • Implemented controls (records)
  • SoA (updated)

14. Plan, prepare and conduct awareness trainings
  ISMS Implementation Toolkit:
  • Competence for ISMS Professionals
  • Cybersecurity Profiles by ENISA
  • How to develop an IS awareness program, mindmap
  • Information Security and Data Protection awareness
  • Information Security and Data Protection Awareness Topics
  • Information Security and Data Protection culture
  • Interview questions for CISOs and DPOs
  • Chief Information Security Officer (CISO) by ACSC
  Output:
  • Information security awareness programme and plans
  • Awareness materials and other records
  • Evidence of competence

15. Operate the ISMS
  ISMS Implementation Toolkit:
  • N/A
  Output:
  • Records (all procedures)
  • ISMS Communication plan (updated)
  • ISMS issues and feedback register (updated)
  • IS Committee meetings (Presentations and MoMs)

16. Monitor the ISMS
  ISMS Implementation Toolkit:
  • Objective and Key Results (OKRs)
  • BCP and DRP. Failure and Recovery Metrics
  Output:
  • List of objectives, KPIs and metrics
  • ISMS monitoring, measurement, analysis and evaluation reports

17. Audit the ISMS
  ISMS Implementation Toolkit:
  • Guidelines for ISMS auditing (mindmap)
  • Internal Audit Plan (template)
  • Internal Audit Report (template)
  • Nonconformity Report (template)
  • List of NCs*
  • Audit Meetings Checklist
  • ISO 19011:2018 Guidelines for auditing management systems, Mindmap
  Output:
  • Internal information security audit programme and plans
  • Internal information security audit reports
  • List of Nonconformities (NCs)

18. Conduct ISMS Management reviews
  ISMS Implementation Toolkit:
  • ISMS Management Review Report (template)
  Output:
  • ISMS management review reports (MRR)
  • IS Committee meetings (Presentations and MoMs)

19. Practice continual improvement
  ISMS Implementation Toolkit:
  • N/A
  Output:
  • Corrective Action Plan(s)
  • Continual Improvement Plan(s)
  • ISMS Framework (reviewed and updated)
  • Set of ISMS documents (reviewed and updated)
  • SoA (reviewed and updated)
  • RTP (reviewed and updated)

20. Prepare for the certification audit
  ISMS Implementation Toolkit:
  • ISMS Audit Preparation Checklist (short template)
  • ISMS Overview (presentation)
  • Recommendations*
  Output:
  • Request for proposal (RFP)
  • List of ISMS documents (updated)
  • Organization Chart

* Soon
