Home/News & Resources/Blog/8 Steps to Implement an ISO 27001 Information Security Management System
3 mins read

8 Steps to Implement an ISO 27001 Information Security Management System

January 12, 2021
Topics: News & Resources Information Security

Organisations should follow a structured and systematic approach to implement an effective information security management systems.

Between March and June, 2020, cyber attacks increased by over 166%. According to a recent SAI Global survey, more than 55% of respondents didn’t realise they were vulnerable to cyber attacks.

An ISO 27001 Information Security Management System enables organisations to preserve the confidentiality, integrity and availability of information, through a robust and practical framework. It helps define a set of processes to produce predictable information security outcomes.

8 Steps to Implement an ISO 27001 Information Security Management System

 

Step 1: Project Initiation
Establish a committee of top management and project management to ensure a comprehensive understanding of the organisation’s objectives and context.

Step 2: Define the ISMS
This includes the objective, scope, limits, interferences, dependencies and exclusions & justifications.

Step 3: Conduct a Risk Assessment
Establish a risk assessment framework, develop an asset register with associated threats, Analyse the risk and its impact, and evaluate the risk against the risk acceptance criteria.

ISO 27001: A Risk Based Approach to Cyber Security
Download Now

Step 4: Risk Management
Determine what the next action should be and what controls need to be implemented. This includes risk reduction, avoidance, acceptance and transfer.

Step 5: Training & Awareness
Educate employees on the management system, including their impact on the organisation’s security and processes.

Step 6: Preparing for Audit
Conduct a gap analysis on the system and processes to determine its conformance to the ISO 27001 standard, and address any corrective actions required.

Step 7: Certification Audit
Your third-party independent Certification Body will conduct the certification audit and determine whether your organisation conforms to the ISO 27001 Standard

Step 8: Continual Improvement
Measure, monitor and review the management system through an effective internal audit program, to identify areas of improvement.

Latest Blog Articles

Blog Articles
News & Resources, Auditing & Certification, Information Security
DESE ISM Control Updates
Get the latest updates to the DESE ISM Scheme Controls as they are announced. Providers must ensure their SoA is maintained to a version of the ISM that is no more than 3 months old.
12/10/21
2 mins read
News & Resources, Auditing & Certification, Information Security
Cyber Security Awareness Month
October marks Cyber Security Awareness Month. To support, SAI Global is offering a 15% discount on ISO 27001 Audits and ISO 27001 Foundation Training.
12/10/21
4 mins read
News & Resources, Audit & Certification, Food Safety
What is Food Safety Culture?
The industry approach to food safety has evolved in recent years, with food safety seen now as more about culture and less about ticking boxes as the gold standard. Though food safety can be measured in traditional ways, culture is much more instinctive and less specifically defined. The key is to translate the complexity of audits, documentation, and directions into practical strategies and measures that everyone can understand.
08/10/21
6 mins read

Contact Us

Audit & Certification Enquiries

☎ 1300 360 314

clientservicecentre@saiglobal.com

Training Enquiries

☎ 1300 727 444

training@saiglobal.com

Sales Enquiries

assurance@saiglobal.com

Chat with us
We have noticed that your visiting our site from
Continue
Or select a different country