Hi,
I'm not sure whether you are looking for project plan or the various phases that need to be designed and completed for the successful ISMS implementation. To my knowledge the following are the phases of activities that could be carried out for the ISMS implementation:
1. Defining the SCOPE of ISMS;
2. Conducting the control-based Risk Assessment;
3. Creation of Information Asset Register (Information Asset Profiling);
4. Conducting the Risk Assessment;
5. Coming out with the Risk Treatment Plan (RTP);
6. Converting the RTP into Implementation Roadmap by defining the roles & responsibilities and efforts required for risk treatment;
7. Development of Security Policies, Procedures, Standards, Checklists, and supporting templates;
8. Design of secure network architecture, as applicable;
9. Rollout of the developed policies, procedures, checklists and templates;
10. Sustain the rolled-out phase and observe the sustenance;
11. Conduct Internal Audit and identify the non-conformance(s);
12. Prepare the Corrective and Preventive Action plan for the identified non-conformance(s);
13. Implement the plan prepared in step 12;
14. Give some time to sustain the process and conduct the second Internal Audit; and
15. Now, depending on the internal audit report, you should be able to figure out whether you are ready for the certification audit and accordingly you can get in touch with the certifying agency and go for the final assessment.
Should you need more clarification, feel free to get back to me.
Regards,
Gaurav
gaurav79 (at) gmail (dot) com [email concealed] | +91-9873198236