Get started…and break all the work down into bite-size chunks and celebrate the power of small wins. Some of these solutions already have all the tools you need and include actionable documentation you can adopt, adapt and add to for a massive head start, and offer virtual coaching and training on achieving certification. You may not need external training or lead auditor implementer programmes – these can be wasteful and negatively affect how you want your Information Security Management System to work as a practical ISMS.

Consider pre-configured technology solutions and tools, and compare whether they are better than what you already have internally and a better use of your valuable resources. Many of the requirements, processes, and controls may already be in place and only need formalising. If the team is new to ISO 27001, buy the ISO standards and ISO 27002 guidance, and read them – comparing your current internal environment to what is required for success (a light gap analysis). Identify the headline RoI so you can apply the right people and leadership – it will help budget development, too, if that is required. When adding more context and structure to your ISO 27001 implementation plan, your lead implementer should consider the following aspects:

Be clear on the goals, compelling reasons to act and any deadlines you want to hit – as well as the consequences if that drifts.