You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 9 Next »

This section should also cover ISO 27001 chapter 10: Improvement


A guide on how to establish and implement an ISMS and the run of your ISMS (the CISO's planning for the year)

The CISO should make his own plan, implement it in the company,  check internal (f.i. business) external (f.i. law) changes, check compliancy and make a plan for the next year to implement findings out of the evaluation.  

Establish an ISMS

what's needed to be planned is; 

  • what will be done
  • what resources will be required
  • who will be responsible
  • when it will be completed
  • how the results will be evaluated (art. 6.2 of ISO. 27.001)

Implement an ISMS


Run your ISMS

What kind of planning will you have in place when the ISMS is in place.


Evaluate your ISMS

What's needed to be planned and put under the points above; 

  • Make a risk registry
  • Make a risk inventory 
  • Make sure that you have an asset inventory
  • Risk assessments
  • Make sure you have a Risk Treatment
  • Awareness training
  • Plan a security training
  • Plan to make policies
  • Check compliance with policies
    • Reviewing
    • Auditing 
  • No labels