PhoenixPro PROCUREMENT. TECHNOLOGY. CONTRACTS. PROJECTS.
Roadmap to ISO27001 Certification

ISMS Foundation
• Initial Interviews
• Define ISMS Scope & Objectives
• Define ISMS Policy Statement
• Management Sign-off

Planning & Risk Analysis
• Asset Register
• Threat & Vulnerability Analysis
• Business Impact Analysis
• Risk Assessment
• Risk Treatment Plan
• Statement of Applicability
• Gap Analysis
• Management Approval

Implementation Planning & Execution
• Implementation Plan
• Process Controls
• Security Solutions
• Vulnerability Management and Attack & Penetration
• Awareness & User Training
• Evidence Gathering

ISMS Quality Assurance
• Internal Audit
• Control Effectiveness Review
• Pre Audit Review & Evaluation
• Internal "Mock" Review
• Management Review
• Pre Audit Preparations
• Readiness for Certification Audit
Practical Tips & Hints
• Why do it? Is it worth it?
• How technical is the external certification audit?
• Is it "all or nothing"?
• I am compliant, how do I justify certification?
• Why not do it on our own?
• Type of resources needed?

Key Areas to Watch
• ISO27001 is not shelf ware
• Policies mean €€€€s!!!
• All "Assessments" need to be fair
• DR / BCP a particular challenge
• Outsourcing is allowed WITH SLAs
GEORGIOS A. [email protected]