Posts Tagged ISO 27001:2005

Post Certification Activities

The first and foremost task after your certification audit is to close out all non-conformities/non-compliances that were identified during it. This must be completed before your surveillance audit is due: auditors will not be happy to see their earlier findings reappear in the following audits. If any of your policy or procedure documents need to be updated, ensure that you document these changes (version control within the document), get the documents reviewed and approved by management, and circulate them to authorized people.

ISMS Implementation Guide

ISMS Implementation Guide is one of my first white papers, written out of my personal experience in implementing Information Security practices in an organization using the BS ISO/IEC 17799:2005 framework. This paper is intended to give insight and help to those who are implementing this for the first time and to those who will be coordinating with external consultants for ISMS implementations in their organizations.

Please download the document here:
ISMS Implementation Guide

Key Points to BS ISO 27001:2005

Organizations that intend to do a partial implementation of Information Security practices using BS ISO/IEC 27001:2005 should note the following points, which are part of the standard.

Refer to clause 1, Scope, of your BS ISO/IEC 27001:2005 document.

1. Scope
1.1 General
This International Standard covers all types of organizations (e.g. commercial enterprises, government agencies, non-profit organizations). This International Standard specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented ISMS within the context of the organization’s overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof.

BS7799:2000 vs ISO 27001:2005

Here is a comparison of the changes that have been made in the new standard. The document gives a one-to-one mapping, which is much easier to understand, and is very helpful when an organization would like to upgrade from its existing BS7799 implementation.

File Download: Right-click on the link below and select “Save target as”. Once the download is complete, change the extension from “.pdf” to “.xls” and you are ready to go.

2000v2005

Risks on ISMS Implementation

Objective:
It is always a good practice to identify the risks involved in any implementation process. This post pertains to ISMS implementation, and I have highlighted six points that are critical to this subject. These are based on my experience; if there is anything more, please feel free to share it with the community.
