Achieving ISO 27001 means completing about 140 separate tasks, that we’ve broken down into 11 simple steps. They’re an integral part of ISMS.online. Each includes specific, pre-set work areas and tasks all ready to go.
You’ll start by describing your current information security environment:
- Lay firm foundations by understanding your organisation’s infosec needs
- Describe any infosec policies and controls you already have in place
- Add in any policies or controls you’re missing
Then you’ll go live with your ISMS and carry out your first internal audit:
- Formally launch your ISMS and move it into operational mode
- Conduct your first internal audit by reviewing your ISMS’ documentation
- Go through and prioritize any improvements you need to make
Finally you’ll complete the audit process to achieve compliance or certification:
- If you’re going for certification, get ready for your first external audit
- Find the right certification body
- Complete your first external audit, which checks your ISMS’ documentation
- Carry out your second internal audit, focusing on how your ISMS works in practice
