ISO 27001 implementation: How to make it easier using ISO 9001? Presenter: Dejan Kosutic

Post on 03-Apr-2020


TRANSCRIPT

Page 1: ISO 27001 implementation: How to make it easier using ISO ......How to use ISO 9001 to make your ISO 27001 implementation less painful. You have already implemented ISO 9001, or you

ISO 27001 implementation: How to make it easier using ISO 9001?

Presenter: Dejan Kosutic

Page 2

©2017 27001Academy advisera.com/27001academy

GoToWebinar Control Panel

• Open and close your Panel

• View, Select, and Test your audio

• Submit text questions – they will be addressed throughout the session

• Raise your hand

Page 3


How to use ISO 9001 to make your ISO 27001 implementation less painful.

You have already implemented ISO 9001, or you are planning to implement both ISO 9001 and ISO 27001.

In most cases, ISO 9001 can save up to 25% of the time needed for ISO 27001 implementation.

Page 4


ISO 27001 is much more similar to ISO 9001 than it may seem at first sight!

Page 5

Agenda

• Similarities

• Differences

• Implementation issues & roles

• Top management issues

• Implementing both standards

• Certification

• Greatest challenges with ISO 27001

Page 6


Similarities – PDCA cycle

• Plan – Define what you want to achieve

• Do – Implement what you have planned for

• Check – Measure if you achieved the objectives

• Act – Fill the gap

Page 7

… Similarities

• Process approach

• Document control

• Corrective actions

• Human resources management

• Internal audits

• Management review

• Setting the objectives and measuring

• ISO 27001 Annex A – exclusions are possible

Page 8


… And differences

ISO 9001:

• Quality manual

• Customer complaints

ISO 27001:

• Selecting controls (risk assessment)

• Statement of Applicability

• Security incidents

Page 9

Implementation issues

• Integrate ISMS and QMS in one single management system

• PAS 99 Integrated Management

• For ISO 9001 clause 7.1.3 (Infrastructure) use ISO 27001

• Do not merge Quality Policy and Information Security Policy

Page 10

Roles

• QMS management representative

• CISO (Chief Information Security Officer)

• Project team

• Top management / sponsor

Page 11

Top management issues

• If a QMS is already implemented, they will understand the benefits (or drawbacks) of an ISMS more easily

• The management review can be done at the same time for both ISO 27001 and ISO 9001

• The system for setting objectives and measuring them can be the same

Page 12


Implementing both standards in parallel

[Diagram: elements of a parallel implementation arranged under three columns – ISO 27001, ISO 9001, and ISO 27001 + ISO 9001 – showing: Objectives; ISMS and QMS policies; Document management; Risk assessment + Annex A; Core operating procedures; Internal audits, management reviews, corrective actions]

Page 13

Certification

Integrated audit

→ it will save you time and money!

Page 14

Greatest challenges with ISO 27001

• Many related ISO standards (ISO 19011, ISO 9001, the ISO 27000 family, ISO 31000, etc.)

• Defining the scope of implementation

• Management and colleague commitment

• Risk management, since ISO 9001:2015 doesn't really require a formal risk process

• Creating an Integrated Management System

Page 15

Conclusions

ISO 27001 and ISO 9001 have a very similar core management system

→ ISO 9001 is an excellent foundation for ISO 27001 implementation

Page 16

Q & A

Dejan Kosutic

Page 17

http://advisera.com/27001academy/webinars

Thank you!