Resilience to cyber attacks requires an organization to defend itself across all of its attack surface: people, processes, and technology. ISO 27001 is the international standard that sets out the requirements of an information security management system (ISMS) – a holistic approach to information security that encompasses people, processes, and technology.

Accredited certification to the ISO 27001:2013 Standard is recognized worldwide as the hallmark of best-practice information security management.

Achieving and maintaining accredited certification to ISO 27001 can be complicated, especially for those who are new to the Standard.

Aligned with the latest iteration of ISO 27001:2013, this North-American edition of the original, no-nonsense guide to successful ISO 27001 certification is ideal for anyone tackling ISO 27001 for the first time. In nine critical steps, the guide covers each element of the ISO 27001 project in simple, non-technical language.

Contents include:

• Creating a management framework and performing a gap analysis
• Structuring and resourcing your project, including advice on whether to do it yourself or use a consultant
• Conducting a five-step risk assessment, and creating a Statement of Applicability (SoA) and a risk treatment plan (RTP)
• Integrating your ISO 27001 information security management system (ISMS) with an ISO 9001 quality management system (QMS) and other management systems
• Addressing documentation challenges you’ll face as you create business policies, procedures, work instructions, and records
• Continual improvement of your ISMS
• The six secrets to certification success

If you’re tackling ISO 27001 for the first time, Nine Steps to Success – An ISO 27001 Implementation Overview will give you the guidance you need to understand the Standard’s requirements and ensure your implementation project is a success – from inception to certification.