ISO/IEC 27001 + ISMS IMPLEMENTATION ON SCHEDULE

Compliance through ISO/IEC 27001 and ISMS implementation - professional consulting / competent service / certification support

Managing information security risks requires a structured approach that is comparable to the quality management system in production companies. Here, a Continuous Improvement Process (CIP) is defined and implemented, which makes it possible to identify IT-based risks, define measures and measure deviations after their implementation.

Our consulting approach is based on the expertise gained from IT audits, where a clear distinction is made between the definition of a measure and its operational effectiveness. Design effectiveness, in this context, is the question of whether a measure is fundamentally suitable for controlling a defined risk.

It is above all operational effectiveness in daily practice that ensures the identified risks are actually minimized. One example is a work instruction that prohibits insecure cloud applications: employees often disregard it, so the measure is not operationally effective. In this case, the risk from the use of the cloud remains.

9 steps for a successful ISO 27001 and ISMS implementation

In practical ISO 27001 implementation, we use the following milestones in the project process:

  1. Get management support
  2. Define scope of application
  3. Define the risk management process
  4. Apply the risk management process
  5. Determine the measures to be implemented
  6. Implementation of the measures
  7. Audit and management review and corrections
  8. Stage 1 audit
  9. Certification audit

We would be happy to support you in the implementation of an ISMS!

YOUR ADVANTAGES

  • Field-tested team in the implementation of ISO 27001.
  • Close cooperation with auditors in the run-up to certification saves time and money.
  • Take advantage of the wide range of templates and blueprints from the SEC4YOU Online Shop.
  • We provide a recommendation for a suitable ISMS system.
  • In the step-by-step plan to certification.
  • Entry into and exit from the project are possible for customers at any level of maturity.
  • Suitable for companies that want to orientate their processes to ISO 27001 and companies that are aiming for certification.

Questions about ISO 27001 implementation? Would you like to talk to an expert?
