Search in ISMS Guides

Google
 

Tuesday, July 31, 2007

Key Strategies for Implementing ISO 27001 (4)

PUBLISHED BY THE INSTITUTE OF INTERNAL AUDITORS

Analyze Return on Investment
Based on the groundwork done so far, companies should be able to arrive at approximate time and cost estimates to implement the standard for each of the scope options. Organizations need to keep in mind that the longer it takes to get certified, the greater the consulting costs or internal staff effort. For example, implementation costs become even more critical when implementation is driven by market or customer requirements. Therefore, the longer compliance takes, the longer the organization will have to wait to reach the market with a successful certification.

MOVING FORWARD

Implementing ISO 27001 requires careful thought, planning, and coordination to ensure a smooth control adoption. The decision of when and how to implement the standard may be influenced by a number of factors, including different business objectives, existing levels of IT maturity and compliance efforts, user acceptability and awareness, customer requirements or contractual obligations, and the ability of the organization to adapt to change and adhere to internal processes.

To learn more about the standard, BSI has prepared a guidance document available on its Web site, http://asia.bsi-global.com/InformationSecurity/ISO27001+Guidance/download.xalter. In addition, the Standards Direct Web site, www.standardsdirect.org/iso27001.htm, covers the latest version of the standard.

Key Strategies for Implementing ISO 27001 (1)
Key Strategies for Implementing ISO 27001 (2)
Key Strategies for Implementing ISO 27001 (3)
Key Strategies for Implementing ISO 27001 (4)

No comments: