Home/News & Resources/Blog/8 Steps to Implement an ISO 27001 Information Security Management System
3 mins read

8 Steps to Implement an ISO 27001 Information Security Management System

January 12, 2021
Topics: News & Resources Information Security

Organisations should follow a structured and systematic approach to implement an effective information security management systems.

Between March and June, 2020, cyber attacks increased by over 166%. According to a recent SAI Global survey, more than 55% of respondents didn’t realise they were vulnerable to cyber attacks.

An ISO 27001 Information Security Management System enables organisations to preserve the confidentiality, integrity and availability of information, through a robust and practical framework. It helps define a set of processes to produce predictable information security outcomes.

8 Steps to Implement an ISO 27001 Information Security Management System

 

Step 1: Project Initiation
Establish a committee of top management and project management to ensure a comprehensive understanding of the organisation’s objectives and context.

Step 2: Define the ISMS
This includes the objective, scope, limits, interferences, dependencies and exclusions & justifications.

Step 3: Conduct a Risk Assessment
Establish a risk assessment framework, develop an asset register with associated threats, Analyse the risk and its impact, and evaluate the risk against the risk acceptance criteria.

ISO 27001: A Risk Based Approach to Cyber Security
Download Now

Step 4: Risk Management
Determine what the next action should be and what controls need to be implemented. This includes risk reduction, avoidance, acceptance and transfer.

Step 5: Training & Awareness
Educate employees on the management system, including their impact on the organisation’s security and processes.

Step 6: Preparing for Audit
Conduct a gap analysis on the system and processes to determine its conformance to the ISO 27001 standard, and address any corrective actions required.

Step 7: Certification Audit
Your third-party independent Certification Body will conduct the certification audit and determine whether your organisation conforms to the ISO 27001 Standard

Step 8: Continual Improvement
Measure, monitor and review the management system through an effective internal audit program, to identify areas of improvement.

Latest Blog Articles

Blog Articles
News & Resources, Audit & Certification, Defence
Love Me Tender – A Guide to Tendering to the Department of Defence
Uncover what is required to submit a tender application for Department of Defence Contracts including ISO Certification, DISP and exclusive resources.
28/06/21
8 mins read
News & Resources, Disability & Human Services
A Guide to the NDIS Certification Renewal Process
The NDIS Registration Renewal can be an overwhelming process, particularly when there isn’t a clear pathway outlined. The application and audit process must be completed in full (including any non-conformities raised being adequately addressed) prior to your NDIS Registration End Date.
02/06/21
6 mins read
News & Resources, Information Security
3 Key Considerations to be Successful in your DESE ISMS Scheme Certification
An ISO 27001 Information Security Management System enables organisations to preserve the confidentiality, integrity and availability of information
23/04/21
3 mins read

Contact Us

Audit & Certification Enquiries

☎ 1300 360 314

clientservicecentre@saiglobal.com

Training Enquiries

☎ 1300 727 444

training@saiglobal.com

Sales Enquiries

assurance@saiglobal.com

Chat with us
We have noticed that your visiting our site from
Continue
Or select a different country