Wednesday, August 15, 2007

ISMS implementation

First of all, as the standard says, you need to "establish, implement,
operate, monitor, review, maintain and improve a documented ISMS".

So, you need to hire ISO27001 consultants in order to do the above tasks.
They will conduct internal audits, gap analysis and so on.

When you have all the documentation required, you can start the
certification process.

You will start with a "Stage 1" audit, which deals only with documentation issues.
This is carried out by an IRCA auditor in order to certify your
ISMS. This is called a third-party audit.

At the end of the audit you will receive observations and non-conformity
issues (major or minor) that you need to resolve.

Then, when you have resolved the above, you are ready for an "on-site audit",
which is called "Stage 2". Here the IRCA auditor will evaluate the ISMS PDCA process,
so they will look for the ISMS policy, internal audit reviews, risk acceptance
criteria, risk assessment results, management commitment, and so on.

So, you need to start hiring ISO27001 Lead Auditors.

Hope this helps.

H. Daniel Regalado Arias, CISSP

(Certified Information Systems Security Professional)

Chief Security Officer
Macula Group
