Implementing ISO/IEC 27001 Information Security Management
Step 2 of 3: Implementation
We have great resources and support services to help you to start implementing ISO/IEC 27001 into your business.
You need to:
- Complete the optional BSI ISO/IEC 27001 self-assessment questionnaire to evaluate how much of the work you’ve completed to meet certification requirements and what is still left to do
- Ensure your organization understands the principles of ISO/IEC 27001, the roles individuals they’ll need to play and review your activities and processes against the standard
We help you to:
- Develop the knowledge and skills to implement the standard at one of our implementation training courses:
- Understand where your information security management system still needs work in order to be certified, book an optional BSI gap assessment
-
Consider using BSI Connect to support with implementation
Top tips for implementing ISO/IEC 27001
- Get commitment and support from senior management
- Engage the whole business with good internal communication
- Compare existing information security management with ISO/IEC 27001 requirements
- Get customer and supplier feedback on current information security
- Establish an implementation team to get the best results
- Map out and share roles, responsibilities and timescales
- Adapt the basic principles of the ISO/IEC 27001 standard to your business
- Motivate staff involvement with training and incentives
- Share ISO/IEC 27001 knowledge and encourage staff to train as internal auditors
- Regularly review your ISO/IEC 27001 system to make sure you are continually improving it
