Implementing ISO/IEC 27001 Information Security Management

Step 2 of 3: Implementation

We have great resources and support services to help you to start implementing ISO/IEC 27001 into your business.

You need to:

  • Complete the optional BSI ISO/IEC 27001 self-assessment questionnaire to evaluate how much of the work you’ve completed to meet certification requirements and what is still left to do
  • Ensure your organization understands the principles of ISO/IEC 27001, the roles individuals they’ll need to play and review your activities and processes against the standard

We help you to:

  • Develop the knowledge and skills to implement the standard at one of our implementation training courses: 

> ISO/IEC 27001 implementation training courses
> ISO/IEC 27001 Lead Implementer training course


Top tips for implementing ISO/IEC 27001

  1. Get commitment and support from senior management.
  2. Engage the whole business with good internal communication.
  3. Compare existing information security management with ISO/IEC 27001 requirements.
  4. Get customer and supplier feedback on current information security.
  5. Establish an implementation team to get the best results.
  6. Map out and share roles, responsibilities and timescales.
  7. Adapt the basic principles of the ISO/IEC 27001 standard to your business.
  8. Motivate staff involvement with training and incentives.
  9. Share ISO/IEC 27001 knowledge and encourage staff to train as internal auditors.
  10. Regularly review your ISO/IEC 27001 system to make sure you are continually improving it.  



Your ISO/IEC 27001 certification journey

Explore our ISO/IEC 27001 certification journey – designed to help you at whatever stage you are at.