This is probably the most common question we get asked. ISO standards can appear daunting as there is so much work to do. ISMS.online simplifies that and breaks the work down into manageable chunks, much of it is already done for you as well, via the Adopt, Adapt, Add sample policy content.
ISMS.online helps you see the progress you make and celebrate success every step of the way. Whether progress is little and infrequent, or lots and often, the built-in reports will motivate you towards the 100% completion.
ISO Policies and Controls Project
If you are new to ISO 27001, a great place to make progress on is the ISO 27001 Requirements phase within your ISO 27001 Policies and Controls Project. You can navigate to this by:
- Hover over 'Work' in the navigation bar
- Click on 'All Work'
- Find the 'ISO 27001:2013 Policies and Controls' Project and click on it to open that area
- Click on the 'Structure' tab to see its contents
The ISO 27001:2013 Policies and Controls Project structure will display.
The ISO 27001 standard (indeed all the ISO standards) are structured in such a way that the different requirements build on each other, completing one will equip you well for completing those that follow. This is especially relevant for the "Understanding the organisation and its context section."
To get started we recommend beginning at the beginning, with requirement 4.1. To view it, click into the activity named 4.1: External and internal issues. Starting in this activity area will help focus your thinking about the world your organisation operates in and how your policies and practice need to reflect that. This guide will show you how to use the activity area to document your approach.
The remaining core requirements
You’ll logically then move from 4.1 through the other ISO 27001 requirements up to 10.2, simply documenting your work as you go. Depending on your scope and experience this might take just a few hours or could take considerably longer.
The 27002 "Annex A" controls
Once you have completed the core requirements, it's then time to look at the controls listed in the ISO 27002 document, these all begin with the letter A so they're easy to distinguish. This is where you will document the majority of the controls and processes you have in place to meet the ISO requirements.