Getting an ISMS ISO 27001 certified!
Leading organisations implement ISO 27001 to label its Information Security Management Services (ISMS)? ICT Control clients benefit from a proven method and an expert assistance to implement an optimal certification process.
While some believe that the use of pre-existing templates could reduce the time, the effort and the cost for certification? Many of our clients undergo a wasted initiative before adopting a structured approach.
Implementing an ISMS (Information Security Management System) and obtaining an ISO 27001 certification are management decisions, typically aimed at:
- complying with regulations
- gaining a competitve edge
- lowering expenses due to incidents, errors and end-user dissatisfaction
While running an implementation project, the assistance of an expert (a certified ISO 27001 Lead Implementer) provides essential steps, avoid wasted effort and focuses on essential controls.
ICT Control documented a phased approach with 12 stages organised in 4 phases.
The certification process may be an intensive effort on a medium term (one year) or a relaxed effort over few years where controls are being implemented during the course of the organisation change/transformation process. Ill-planned certification projects may continue to nourish wishful thinking for ten years or more.
Critical success factors for successful certification projects include:
- Senior management and business management direct involvement,
- Step based approach with scope and effort optimisation in an agile manner,
- Project coordination by an internal or an external project manager (par time activity),
- The use of Client / End User perspective in the first place,
- This is not a technical or an information security project but a Senior management and business management initiative