How do you start implementing ISO 27001?

In this instalment of the Toolkit Insider Series, we show you why an Information Security Management System (ISMS) Plan can provide a starting point for your ISMS project.

Implementing an ISMS can be hard work. Depending on the size of your organisation, an ISMS project can take months or a year of full-time work to complete.

However, once the project has been implemented, your organisation will be able to defend itself from technology-based risks and be resilient in the face of future cyber attacks.

So, how do you start your ISMS project? A sensible place to start is to create a detailed strategy of how your ISMS project will run, and this is where an ISMS Plan template can save you critical time you might otherwise spend creating your own.

The ISMS Plan template

This template, found in our ISO27001 2013 ISMS Standalone Documentation Toolkit, will give you a starting point for your project and will guide you through the steps of implementing an ISMS.

Receive a 20% discount on this toolkit when you use the discount code ISMS20.

The ISMS Plan template includes steps such as the following:

• Identify business interfaces
• Identify key processes
• Define and apply a risk assessment process
• Create a risk treatment plan

The ISMS Plan also assigns responsibilities for each step of your plan. For example, the template makes the information security manager responsible for ensuring that all information security issues have been included and appropriately treated.

Inside our ISMS Plan

Here’s a sample from our ISMS Plan template:

To view a full sample of the ISMS Plan, contact

ISO27001 2013 ISMS Standalone Documentation Toolkit

Created by expert practitioners, the ISO27001 2013 ISMS Standalone Documentation Toolkit provides you with a comprehensive set of ISMS templates, saving your organisation time, effort and money. Take your free trial here.

Next week

For the final instalment, we will be looking at the Risk Assessment Procedure.