Scribd Logo
Upload

Welcome to Scribd!

  • 1 views

    ISO 27001 Checklist Blog LM

    Uploaded by

    LUIS ALBERTO MOSQUERA HERNANDEZ
    The document outlines 13 steps to achieve ISO 27001 certification for information security management systems (ISMS), including forming an internal team, defining the scope, creating policies and procedures, conducting risk assessments, implementing controls, employee training, internal auditing, and undergoing two stage external audit process to obtain certification with ongoing surveillance audits thereafter to ensure continual improvement.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content

    You might also like

    ISO 27001 Checklist Blog LM

    Uploaded by

    LUIS ALBERTO MOSQUERA HERNANDEZ
    1 views3 pages
    The document outlines 13 steps to achieve ISO 27001 certification for information security management systems (ISMS), including forming an internal team, defining the scope, creating policies and procedures, conducting risk assessments, implementing controls, employee training, internal auditing, and undergoing two stage external audit process to obtain certification with ongoing surveillance audits thereafter to ensure continual improvement.

    Original Description:

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document outlines 13 steps to achieve ISO 27001 certification for information security management systems (ISMS), including forming an internal team, defining the scope, creating policies and procedures, conducting risk assessments, implementing controls, employee training, internal auditing, and undergoing two stage external audit process to obtain certification with ongoing surveillance audits thereafter to ensure continual improvement.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    1 views3 pages

    ISO 27001 Checklist Blog LM

    Uploaded by

    LUIS ALBERTO MOSQUERA HERNANDEZ
    The document outlines 13 steps to achieve ISO 27001 certification for information security management systems (ISMS), including forming an internal team, defining the scope, creating policies and procedures, conducting risk assessments, implementing controls, employee training, internal auditing, and undergoing two stage external audit process to obtain certification with ongoing surveillance audits thereafter to ensure continual improvement.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 3

    ISO 27001 Checklist

    Form an ISO 27001 Internal Team


    Step 1 Etch out their Roles & Responsibilities
    Ensure Right Level of Oversight

    Build your ISMS


    Step 2 Define the ISMS Scope
    Management Approval for the Scope

    Create and Publish ISMS Policies, Procedure & Documentation


    Step 3 Ready the Mandatory Policies & Procedures
    Set up Processes to ensure Documentation at each step

    Conduct Risk Assessment & Treatment


    Conduct an Internal Risk Assessment of your Assets & System
    Identify the Risks that could impact Data Confidentiality,
    Step 4 Integrity, and Availability
    Assign a Probability of their Occurrence
    Peg the Impact Levels (high to low)
    Implement Response/ Controls to placate the likelihood of these risks

    Ready the Statement of Applicability (SOA)


    Review the 114 controls in Annex A
    Step 5 Select the ones that are relevent to your identified risks
    Include justifications for the inclusion and exclusion of controls in your SOA

    www.sprinto.com
    Implement ISMS Policies and Controls
    Implement PDCA approach
    Step 6 Inform employees of the ISMS Policies & Controls
    Set up Employee Review Process for ISMS Policies & Controls

    Conduct Employee Awareness & Training Programmes


    Step 7 Ensure Employees receive Relevant & Regular Infosec Education
    Train Employees on Response to Risks

    Monitor ISMS, conduct Gap Analysis and Remediate


    Review the ISMS
    Step 8 Conduct Gap Analysis, Remediate, Test more and Monitor
    Gather Evidence to demonstrate ISMS is meeting Standard's Requirements

    Undergo Internal Audit


    Select an Internal Auditor
    Step 9 Identify Scope
    Incorporate the suggestions/feedbacks from the Internal Audit Report

    Undergo Stage 1 Audit


    Select an accredited ISO 27001 External Auditor
    Step 10 Undergo Stage 1 audit - Documentation Review
    Incorporate the suggestions/feedbacks from the Audit Report
    Based on Audit Readiness, set up a date for Stage 2 Audit (within six months)

    Undergo a Stage 2 Audit


    Undergo Stage 2 audit - Main Audit
    Step 11 Incorporate the suggestions/feedbacks from the Audit Report
    Rectify major nonconformities (if any) and share evidence of correction action
    with the auditor.

    www.sprinto.com
    Post Certification, undergo Periodic Surveillance Audits
    Undergo Periodic Surveillance Audits
    Step 12
    Rectify major nonconformities (if any) and share evidence
    within three months

    Perform Continual Improvement


    Review ISMS & its Objectives
    Conduct Annual Risk Assessments
    Step 13 Treat new/added Risks with Relevant Controls/Measures to mitigate it
    Ensure Management Approval for updates/changes to ISMS
    Prepare for the Recertification Audit at the end of three years

    www.sprinto.com

    You might also like