This one may seem rather obvious, and it is usually not taken seriously enough. But in my experience, this is the main reason why ISO 27001 certification projects fail – management is either not providing enough people to work on the project, or not enough money. In the sections below you’ll find some tips on how to convince your management, and how much the implementation costs.

2) Treat it as a project

As I already said, the implementation of an Information Security Management System (ISMS) based on ISO 27001 is a complex undertaking involving various activities and lots of people, lasting from a couple of months (for smaller companies) all the way to more than a year (for large corporations). If you do not clearly define what is to be done, who is going to do it, and in what time frame (i.e., apply project management), you might as well never finish the job.

If you are a larger organization, it probably makes sense to implement ISO 27001 only in one part of your organization, thereby significantly lowering your project risk; however, if your company is smaller than 50 employees, it will probably be easier for you to include your whole company in the scope. Learn more about defining the scope in the article How to define the ISMS scope.