ISO 27001:2022 Tips and Tricks. How to accelerate the implementation
by Andrey Prozorov, CISM, CIPP/E, CDPSE, LA 27001
www.patreon.com/AndreyProzorov
1.0, 01.06.2023
Agenda
1. ISMS Implementation plan
2. The main obstacles
3. Recommendations for the implementation team
4. Recommendations for the project management
5. Recommendations for the core processes
6. Other recommendations
7. ChatGPT and ISO 27001 (ISMS) Toolkits
ISMS Implementation plan
1. Conduct awareness training for the top management
2. Conduct a Gap analysis
3. Understand the Context
4. Plan the implementation
5. Conduct the first IS Committee meeting
6. Establish Information Security Policy and Information Security Objectives
7. Take an inventory of the assets
8. Define a method of risk assessment, identify and assess information security risks
9. Prepare Statement of Applicability (SoA) and Risk Treatment Plan (RTP)
10. Define requirements for documentation management
11. Develop ISMS Framework and define roles and responsibilities
12. Develop and implement a set of ISMS policies and procedures
13. Plan and implement additional information security measures
14. Plan, prepare and conduct awareness training
15. Operate the ISMS
16. Monitor the ISMS
17. Audit the ISMS
18. Conduct ISMS Management reviews
19. Practice continual improvement
20. Prepare for the certification audit
*time-consuming tasks
ISMS Implementation plan: 1-2 years
Program Evaluation and Review Technique (PERT) is a project management planning tool used to estimate how long a project will realistically take to finish, from optimistic, most likely and pessimistic estimates for each task.
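A worked PERT calculation over the plan above, as an added example that is not part of the original slides. The task graph follows the deck's 20 steps merged into 14 nodes; the task names and the optimistic / most likely / pessimistic estimates (in weeks) are constructed assumptions for illustration, not the author's figures. The script computes the expected length of the critical path, its variance, and the probability of finishing by a given deadline.

```python
"""PERT estimate for an ISMS implementation plan (added example).

Task names and the (optimistic, most_likely, pessimistic) week estimates
are constructed assumptions for illustration, not the deck's own figures.
"""
import math
from collections import defaultdict

# task -> ((optimistic, most_likely, pessimistic) in weeks, [predecessors])
PLAN = {
    "awareness_top_mgmt": ((1, 2, 4), []),
    "gap_analysis":       ((2, 4, 8), ["awareness_top_mgmt"]),
    "context_and_plan":   ((2, 3, 6), ["gap_analysis"]),
    "policy_objectives":  ((1, 2, 4), ["context_and_plan"]),
    "asset_inventory":    ((4, 8, 16), ["context_and_plan"]),
    "risk_assessment":    ((4, 8, 16), ["asset_inventory"]),
    "soa_rtp":            ((2, 3, 6), ["risk_assessment", "policy_objectives"]),
    "isms_documents":     ((6, 12, 24), ["policy_objectives"]),
    "implement_controls": ((8, 16, 32), ["soa_rtp"]),
    "awareness_all":      ((2, 4, 8), ["isms_documents"]),
    "operate_monitor":    ((8, 12, 16), ["implement_controls", "awareness_all"]),
    "internal_audit":     ((2, 3, 6), ["operate_monitor"]),
    "management_review":  ((1, 1, 2), ["internal_audit"]),
    "cert_audit_prep":    ((2, 4, 8), ["management_review"]),
}


def pert_expected(o, m, p):
    """PERT expected duration: the weighted mean (o + 4m + p) / 6."""
    return (o + 4 * m + p) / 6


def pert_variance(o, m, p):
    """PERT variance of one task: ((p - o) / 6) ** 2."""
    return ((p - o) / 6) ** 2


def topo_order(plan):
    """Kahn's algorithm; raises if the dependency graph contains a cycle."""
    indeg = {t: len(preds) for t, (_, preds) in plan.items()}
    succ = defaultdict(list)
    for t, (_, preds) in plan.items():
        for p in preds:
            succ[p].append(t)
    ready = [t for t, d in indeg.items() if d == 0]
    order = []
    while ready:
        t = ready.pop()
        order.append(t)
        for s in succ[t]:
            indeg[s] -= 1
            if indeg[s] == 0:
                ready.append(s)
    if len(order) != len(plan):
        raise ValueError("dependency cycle in plan")
    return order


def critical_path(plan):
    """Forward pass over the task graph.

    Returns (expected_duration_weeks, variance_along_critical_path, path),
    where path lists the zero-slack tasks from first to last.
    """
    earliest_finish = {}
    longest_pred = {}
    for t in topo_order(plan):
        est, preds = plan[t]
        start = max((earliest_finish[p] for p in preds), default=0.0)
        earliest_finish[t] = start + pert_expected(*est)
        longest_pred[t] = max(preds, key=lambda p: earliest_finish[p], default=None)
    end = max(earliest_finish, key=earliest_finish.get)
    path, node = [], end
    while node is not None:          # walk back along the longest predecessors
        path.append(node)
        node = longest_pred[node]
    path.reverse()
    variance = sum(pert_variance(*plan[t][0]) for t in path)
    return earliest_finish[end], variance, path


def completion_probability(plan, deadline_weeks):
    """P(project done by deadline), treating critical-path length as normal."""
    mean, variance, _ = critical_path(plan)
    z = (deadline_weeks - mean) / math.sqrt(variance)
    return 0.5 * (1 + math.erf(z / math.sqrt(2)))


if __name__ == "__main__":
    duration, variance, path = critical_path(PLAN)
    print(f"expected {duration:.1f} weeks (~{duration / 52:.2f} years), "
          f"sigma {math.sqrt(variance):.1f} weeks")
    print("critical path:", " -> ".join(path))
    for weeks in (52, 78, 104):
        print(f"P(done within {weeks} weeks) = {completion_probability(PLAN, weeks):.3f}")
```

With these constructed inputs the expected duration is about 69 weeks, inside the slide's 1-2 year range, but the probability of finishing within 12 months is below 1 percent; the long pole is asset inventory, risk assessment and control implementation, which matches the later slides' advice to keep the first risk assessment simple and to implement only the critical controls first.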
The main obstacles
1. Lack of top management support
2. Insufficient budget and resources / no allocated resources
3. Resistance to change (e.g., complex alignment, extensive document approval, complicated procurement process)
4. Inadequate understanding of ISMS concepts (e.g., focus on Annex A, not on the main text)
5. Lack of skilled professionals
6. Unclear roles and responsibilities
7. Ineffective communication with the interested parties
8. Choosing a Risk Assessment methodology that is too complicated
9. No processes / low maturity level of processes / too complex processes, especially:
• Internal audit
• Nonconformity management
• ISMS Evaluation (metrics and KPIs)
• Asset management
• Incident management
• Change management
• Business continuity management
10. Desire to radically increase the maturity of the processes (+ 2-3 levels)
11. Implementing new automation tools (e.g., GRC, SIEM, UEBA, SOAR) before building the processes
12. Lack of information security culture / Lack of awareness
Recommendations for the implementation team
1. Educate the implementation team in advance
2. Protect the implementation team from other projects and tasks (prioritisation)
3. Increase the motivation of the implementation team (e.g., additional bonuses, flexible hours, training courses)
4. Hire a few interns
5. Involve external consultants and/or mentors
Recommendations for the project management
1. Set clear and realistic project goals
2. The project charter is important, but don't make it too complicated
3. Reduce the ISMS scope for the certification
4. Improve communication between the implementation team members (e.g., use a Kanban board, create a channel on Slack/MS Teams)
5. Don't spend much time on detailed planning. Use short sprints (1-2 weeks)
6. Schedule parallel tasks (e.g., Risk Assessment and Documents preparation)
7. Prepare and strictly follow a Communication Plan
Recommendations for the core processes
1. Launch awareness training ASAP. Start with the top management
2. Launch the ISMS Committee / IS Steering Committee ASAP.
Hold meetings once or twice a month at first, then once a quarter.
3. Use simple templates for ISMS documents, and easy approval and review procedures (e.g., during the ISMS Committee meetings)
4. Use Notion/Confluence (if allowed)
5. Create templates and registers in advance:
1. ISMS Committee presentation and minutes of meeting (MoM)
2. Policy (Template)
3. Statement of Applicability (SoA)
4. Audit Plan and Report
5. Nonconformity Register and Report
6. ISMS management review report
7. Risk register
8. Incident register
6. Prepare the mandatory documents first. You don't need the full set of topic-specific policies and procedures!
7. Simplify the core processes! You will improve them later…
8. Combine an ISMS Gap Analysis with Internal Audits
9. Don't spend much time on the first Risk Assessment; you will refine it later (the method only has to be documented and produce consistent, comparable results)
10. Implement only the critical Annex A controls first and plan the others (the SoA must still list every Annex A control with a justification for its inclusion or exclusion)
11. Continual improvement is better than the perfect system
Other Recommendations
1. Purchase and study ISO 27000, 27001, 27002, 27003, 27005, 27007, 19011 in advance
2. Collect and keep records with care
3. MS Excel is the best GRC for starters
• Asset register
• Incident register
• Nonconformity register
• Risk register and RTP
• Statement of Applicability (SoA)
• ISMS Documented information
• Supplier register
• …
4. Use ChatGPT
5. Use templates and toolkits
www.patreon.com/posts/how-to-use-for-83553386
Best ISO 27001 (ISMS) Toolkits
1. ISO27k Toolkit by ISO27k Forum (Free) - https://lnkd.in/eC5Kh5d6
2. ISMS Implementation Toolkit by Andrey Prozorov (28$ per month) - https://lnkd.in/enzZdZ9
3. ISO 27001 Documentation Toolkit by Advisera (897$) - https://lnkd.in/euYBc-SW
4. ISO 27001 Toolkit by CertiKit (950€) - https://lnkd.in/ePxZUjHe
5. ISO 27001 Toolkit by IT Governance (595£ per year) - https://lnkd.in/eAwTcuE6
6. ISO/IEC 27001 Info Kit by PECB (Free) - https://lnkd.in/d-HEuN_8
7. ISO 27001 Templates Toolkit: Consultant Edition 2022 by HighTable (597£) - https://lnkd.in/dxhZX56U
8. ISO 27001:2022 All-In-One Toolkit by Certification Templates (999$) - https://lnkd.in/djXhSbiv
9. Instant 27001 for Confluence (from 1995€) - https://lnkd.in/dE7y6vzX
10. ISO/IEC 27001:2022 Documentation Toolkit by UCStoolkit (466€) - https://lnkd.in/d7CpThMF
www.patreon.com/posts/47806655
Thanks, and good luck!
www.linkedin.com/in/andreyprozorov
www.patreon.com/AndreyProzorov
My ISMS Implementation Plan + templates
www.patreon.com/posts/isms-plan-iso-74660190
My other ISMS-related presentations

More Related Content

What's hot

How can the ISO 27701 help to design, implement, operate and improve a privac...
How can the ISO 27701 help to design, implement, operate and improve a privac...How can the ISO 27701 help to design, implement, operate and improve a privac...
How can the ISO 27701 help to design, implement, operate and improve a privac...Hernan Huwyler, MBA CPA
 
ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013  An Overview ISO/IEC 27001:2013  An Overview
ISO/IEC 27001:2013 An Overview Ahmed Riad .
 
ISO 27001_2022 Standard_Presentation.pdf
ISO 27001_2022 Standard_Presentation.pdfISO 27001_2022 Standard_Presentation.pdf
ISO 27001_2022 Standard_Presentation.pdfSerkanRafetHalil1
 
ISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfControlCase
 
Celonis_TISAX_Compliance_1_.pdf
Celonis_TISAX_Compliance_1_.pdfCelonis_TISAX_Compliance_1_.pdf
Celonis_TISAX_Compliance_1_.pdfChandra Rao
 
2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdf2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdfControlCase
 
Iso 27001 in images - sample slides from different levels of training, e.g. F...
Iso 27001 in images - sample slides from different levels of training, e.g. F...Iso 27001 in images - sample slides from different levels of training, e.g. F...
Iso 27001 in images - sample slides from different levels of training, e.g. F...Stratos Lazaridis
 
Iso 27001 isms presentation
Iso 27001 isms presentationIso 27001 isms presentation
Iso 27001 isms presentationMidhun Nirmal
 
Presentation on iso 27001-2013, Internal Auditing and BCM
Presentation on iso 27001-2013, Internal Auditing and BCMPresentation on iso 27001-2013, Internal Auditing and BCM
Presentation on iso 27001-2013, Internal Auditing and BCMShantanu Rai
 
ISO 27001:2013 Implementation procedure
ISO 27001:2013 Implementation procedureISO 27001:2013 Implementation procedure
ISO 27001:2013 Implementation procedureUppala Anand
 
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness TrainingISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness TrainingOperational Excellence Consulting
 
ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to Know
ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to KnowISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to Know
ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to KnowPECB
 
My Gap analysis results between ISO27001: 2022 and 2013 version as of 2022 fall.
My Gap analysis results between ISO27001: 2022 and 2013 version as of 2022 fall.My Gap analysis results between ISO27001: 2022 and 2013 version as of 2022 fall.
My Gap analysis results between ISO27001: 2022 and 2013 version as of 2022 fall.Jerimi Soma
 
Steps to iso 27001 implementation
Steps to iso 27001 implementationSteps to iso 27001 implementation
Steps to iso 27001 implementationRalf Braga
 
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?PECB
 

What's hot (20)

How can the ISO 27701 help to design, implement, operate and improve a privac...
How can the ISO 27701 help to design, implement, operate and improve a privac...How can the ISO 27701 help to design, implement, operate and improve a privac...
How can the ISO 27701 help to design, implement, operate and improve a privac...
 
ISO 27001:2022 What has changed.pdf
ISO 27001:2022 What has changed.pdfISO 27001:2022 What has changed.pdf
ISO 27001:2022 What has changed.pdf
 
ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013  An Overview ISO/IEC 27001:2013  An Overview
ISO/IEC 27001:2013 An Overview
 
ISO 27001_2022 Standard_Presentation.pdf
ISO 27001_2022 Standard_Presentation.pdfISO 27001_2022 Standard_Presentation.pdf
ISO 27001_2022 Standard_Presentation.pdf
 
ISO 27001
ISO 27001ISO 27001
ISO 27001
 
ISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdf
 
Celonis_TISAX_Compliance_1_.pdf
Celonis_TISAX_Compliance_1_.pdfCelonis_TISAX_Compliance_1_.pdf
Celonis_TISAX_Compliance_1_.pdf
 
2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdf2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdf
 
Iso 27001 awareness
Iso 27001 awarenessIso 27001 awareness
Iso 27001 awareness
 
Iso 27001 in images - sample slides from different levels of training, e.g. F...
Iso 27001 in images - sample slides from different levels of training, e.g. F...Iso 27001 in images - sample slides from different levels of training, e.g. F...
Iso 27001 in images - sample slides from different levels of training, e.g. F...
 
ISO 27001 How to use the ISMS Implementation Toolkit.pdf
ISO 27001 How to use the ISMS Implementation Toolkit.pdfISO 27001 How to use the ISMS Implementation Toolkit.pdf
ISO 27001 How to use the ISMS Implementation Toolkit.pdf
 
Iso 27001 isms presentation
Iso 27001 isms presentationIso 27001 isms presentation
Iso 27001 isms presentation
 
Presentation on iso 27001-2013, Internal Auditing and BCM
Presentation on iso 27001-2013, Internal Auditing and BCMPresentation on iso 27001-2013, Internal Auditing and BCM
Presentation on iso 27001-2013, Internal Auditing and BCM
 
ISO 27001:2013 Implementation procedure
ISO 27001:2013 Implementation procedureISO 27001:2013 Implementation procedure
ISO 27001:2013 Implementation procedure
 
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness TrainingISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
 
ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to Know
ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to KnowISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to Know
ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to Know
 
How to use ChatGPT for an ISMS implementation.pdf
How to use ChatGPT for an ISMS implementation.pdfHow to use ChatGPT for an ISMS implementation.pdf
How to use ChatGPT for an ISMS implementation.pdf
 
My Gap analysis results between ISO27001: 2022 and 2013 version as of 2022 fall.
My Gap analysis results between ISO27001: 2022 and 2013 version as of 2022 fall.My Gap analysis results between ISO27001: 2022 and 2013 version as of 2022 fall.
My Gap analysis results between ISO27001: 2022 and 2013 version as of 2022 fall.
 
Steps to iso 27001 implementation
Steps to iso 27001 implementationSteps to iso 27001 implementation
Steps to iso 27001 implementation
 
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
 

Similar to ISO 27001 How to accelerate the implementation.pdf

CIO Day and OPEX Banking & Finance Day
CIO Day and OPEX Banking & Finance DayCIO Day and OPEX Banking & Finance Day
CIO Day and OPEX Banking & Finance DayArtie Debidien
 
Planning for-and implementing ISO 27001
Planning for-and implementing ISO 27001Planning for-and implementing ISO 27001
Planning for-and implementing ISO 27001Yerlin Sturdivant
 
2nd Q - course program portfolio
 2nd Q - course program portfolio 2nd Q - course program portfolio
2nd Q - course program portfolioDieter Moll
 
RCS 2nd Q - course program portfolio
RCS 2nd Q - course program portfolioRCS 2nd Q - course program portfolio
RCS 2nd Q - course program portfolioDieter Moll
 
2nd q - course program portfolio
2nd q - course program portfolio2nd q - course program portfolio
2nd q - course program portfolioDieter Moll
 
RCS (Dieter MOLL lead trainer) - 2nd Q v1.2 - course program portfolio
RCS (Dieter MOLL lead trainer) - 2nd Q v1.2 - course program portfolio RCS (Dieter MOLL lead trainer) - 2nd Q v1.2 - course program portfolio
RCS (Dieter MOLL lead trainer) - 2nd Q v1.2 - course program portfolio Dieter Moll
 
EXIN Agile Scrum Foundation - Course Preview
EXIN Agile Scrum Foundation - Course PreviewEXIN Agile Scrum Foundation - Course Preview
EXIN Agile Scrum Foundation - Course PreviewInvensis Learning
 
1. table of contents
1. table of contents1. table of contents
1. table of contentsBeben Sutara
 
IT Governance, Risk & Compliance (GRC) by Berk Algan
IT Governance, Risk & Compliance (GRC) by Berk AlganIT Governance, Risk & Compliance (GRC) by Berk Algan
IT Governance, Risk & Compliance (GRC) by Berk AlganBerk Algan
 
Top management role to implement ISO 27001
Top management role to implement ISO 27001Top management role to implement ISO 27001
Top management role to implement ISO 27001PECB
 
Documentation Framework for IT Service Delivery
Documentation Framework for IT Service DeliveryDocumentation Framework for IT Service Delivery
Documentation Framework for IT Service DeliverySimon Denton
 
IHST - SMS in Small Operations
IHST - SMS in Small OperationsIHST - SMS in Small Operations
IHST - SMS in Small OperationsIHSTFAA
 
Khachab-Top Management role to implement ISO 27001
Khachab-Top Management role to implement ISO 27001Khachab-Top Management role to implement ISO 27001
Khachab-Top Management role to implement ISO 27001Mohamad Khachab
 
Top 10 Best Practices for Implementing Data Classification
Top 10 Best Practices for Implementing Data ClassificationTop 10 Best Practices for Implementing Data Classification
Top 10 Best Practices for Implementing Data ClassificationWatchful Software
 
Critical Success Factors along ERP life-cycle in Small medium enterprises
Critical Success Factors along ERP life-cycle in Small medium enterprises Critical Success Factors along ERP life-cycle in Small medium enterprises
Critical Success Factors along ERP life-cycle in Small medium enterprises Moutasm Tamimi
 

Similar to ISO 27001 How to accelerate the implementation.pdf (20)

PRESTO KPI installation checklists
PRESTO KPI installation checklistsPRESTO KPI installation checklists
PRESTO KPI installation checklists
 
CIO Day and OPEX Banking & Finance Day
CIO Day and OPEX Banking & Finance DayCIO Day and OPEX Banking & Finance Day
CIO Day and OPEX Banking & Finance Day
 
Planning for-and implementing ISO 27001
Planning for-and implementing ISO 27001Planning for-and implementing ISO 27001
Planning for-and implementing ISO 27001
 
2nd Q - course program portfolio
 2nd Q - course program portfolio 2nd Q - course program portfolio
2nd Q - course program portfolio
 
RCS 2nd Q - course program portfolio
RCS 2nd Q - course program portfolioRCS 2nd Q - course program portfolio
RCS 2nd Q - course program portfolio
 
2nd q - course program portfolio
2nd q - course program portfolio2nd q - course program portfolio
2nd q - course program portfolio
 
RCS (Dieter MOLL lead trainer) - 2nd Q v1.2 - course program portfolio
RCS (Dieter MOLL lead trainer) - 2nd Q v1.2 - course program portfolio RCS (Dieter MOLL lead trainer) - 2nd Q v1.2 - course program portfolio
RCS (Dieter MOLL lead trainer) - 2nd Q v1.2 - course program portfolio
 
EXIN Agile Scrum Foundation - Course Preview
EXIN Agile Scrum Foundation - Course PreviewEXIN Agile Scrum Foundation - Course Preview
EXIN Agile Scrum Foundation - Course Preview
 
IT Manager
IT ManagerIT Manager
IT Manager
 
1. table of contents
1. table of contents1. table of contents
1. table of contents
 
IT Governance, Risk & Compliance (GRC) by Berk Algan
IT Governance, Risk & Compliance (GRC) by Berk AlganIT Governance, Risk & Compliance (GRC) by Berk Algan
IT Governance, Risk & Compliance (GRC) by Berk Algan
 
It manager
It managerIt manager
It manager
 
Top management role to implement ISO 27001
Top management role to implement ISO 27001Top management role to implement ISO 27001
Top management role to implement ISO 27001
 
Documentation Framework for IT Service Delivery
Documentation Framework for IT Service DeliveryDocumentation Framework for IT Service Delivery
Documentation Framework for IT Service Delivery
 
IHST - SMS in Small Operations
IHST - SMS in Small OperationsIHST - SMS in Small Operations
IHST - SMS in Small Operations
 
Khachab-Top Management role to implement ISO 27001
Khachab-Top Management role to implement ISO 27001Khachab-Top Management role to implement ISO 27001
Khachab-Top Management role to implement ISO 27001
 
Chap07
Chap07Chap07
Chap07
 
Top 10 Best Practices for Implementing Data Classification
Top 10 Best Practices for Implementing Data ClassificationTop 10 Best Practices for Implementing Data Classification
Top 10 Best Practices for Implementing Data Classification
 
Critical Success Factors along ERP life-cycle in Small medium enterprises
Critical Success Factors along ERP life-cycle in Small medium enterprises Critical Success Factors along ERP life-cycle in Small medium enterprises
Critical Success Factors along ERP life-cycle in Small medium enterprises
 
pr ISMS Documented Information (lite).pdf
pr ISMS Documented Information (lite).pdfpr ISMS Documented Information (lite).pdf
pr ISMS Documented Information (lite).pdf
 

More from Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001

More from Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001 (20)

NIST Cybersecurity Framework (CSF) 2.0: What has changed?
NIST Cybersecurity Framework (CSF) 2.0: What has changed?NIST Cybersecurity Framework (CSF) 2.0: What has changed?
NIST Cybersecurity Framework (CSF) 2.0: What has changed?
 
ISO Survey 2022: ISO 27001 certificates (ISMS)
ISO Survey 2022: ISO 27001 certificates (ISMS)ISO Survey 2022: ISO 27001 certificates (ISMS)
ISO Survey 2022: ISO 27001 certificates (ISMS)
 
12 Best Privacy Frameworks
12 Best Privacy Frameworks12 Best Privacy Frameworks
12 Best Privacy Frameworks
 
Cybersecurity Frameworks for DMZCON23 230905.pdf
Cybersecurity Frameworks for DMZCON23 230905.pdfCybersecurity Frameworks for DMZCON23 230905.pdf
Cybersecurity Frameworks for DMZCON23 230905.pdf
 
My 15 Years of Experience in Using Mind Maps for Business and Personal Purposes
My 15 Years of Experience in Using Mind Maps for Business and Personal PurposesMy 15 Years of Experience in Using Mind Maps for Business and Personal Purposes
My 15 Years of Experience in Using Mind Maps for Business and Personal Purposes
 
From NIST CSF 1.1 to 2.0.pdf
From NIST CSF 1.1 to 2.0.pdfFrom NIST CSF 1.1 to 2.0.pdf
From NIST CSF 1.1 to 2.0.pdf
 
pr Privacy Principles 230405 small.pdf
pr Privacy Principles 230405 small.pdfpr Privacy Principles 230405 small.pdf
pr Privacy Principles 230405 small.pdf
 
ISO 27001_2022 What has changed 2.0 for ISACA.pdf
ISO 27001_2022 What has changed 2.0 for ISACA.pdfISO 27001_2022 What has changed 2.0 for ISACA.pdf
ISO 27001_2022 What has changed 2.0 for ISACA.pdf
 
ISO 27005:2022 Overview 221028.pdf
ISO 27005:2022 Overview 221028.pdfISO 27005:2022 Overview 221028.pdf
ISO 27005:2022 Overview 221028.pdf
 
ISO Survey 2021: ISO 27001.pdf
ISO Survey 2021: ISO 27001.pdfISO Survey 2021: ISO 27001.pdf
ISO Survey 2021: ISO 27001.pdf
 
All about a DPIA by Andrey Prozorov 2.0, 220518.pdf
All about a DPIA by Andrey Prozorov 2.0, 220518.pdfAll about a DPIA by Andrey Prozorov 2.0, 220518.pdf
All about a DPIA by Andrey Prozorov 2.0, 220518.pdf
 
Supply management 1.1.pdf
Supply management 1.1.pdfSupply management 1.1.pdf
Supply management 1.1.pdf
 
Employee Monitoring and Privacy.pdf
Employee Monitoring and Privacy.pdfEmployee Monitoring and Privacy.pdf
Employee Monitoring and Privacy.pdf
 
GDPR RACI.pdf
GDPR RACI.pdfGDPR RACI.pdf
GDPR RACI.pdf
 
GDPR and Personal Data Transfers 1.1.pdf
GDPR and Personal Data Transfers 1.1.pdfGDPR and Personal Data Transfers 1.1.pdf
GDPR and Personal Data Transfers 1.1.pdf
 
GDPR and Security.pdf
GDPR and Security.pdfGDPR and Security.pdf
GDPR and Security.pdf
 
GDPR EU Institutions and bodies.pdf
GDPR EU Institutions and bodies.pdfGDPR EU Institutions and bodies.pdf
GDPR EU Institutions and bodies.pdf
 
Data protection RU vs EU
Data protection RU vs EUData protection RU vs EU
Data protection RU vs EU
 
IS Awareness in practice, isaca moscow 2019 10
IS Awareness in practice, isaca moscow 2019 10IS Awareness in practice, isaca moscow 2019 10
IS Awareness in practice, isaca moscow 2019 10
 
Про работу на Западе (Прозоров)
Про работу на Западе (Прозоров)Про работу на Западе (Прозоров)
Про работу на Западе (Прозоров)
 

Recently uploaded

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdfChristopherTHyatt
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 

Recently uploaded (20)

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Finology Group – Insurtech Innovation Award 2024

ISO 27001 How to accelerate the implementation.pdf

1. ISO 27001:2022 Tips and Tricks. How to accelerate the implementation
   by Andrey Prozorov, CISM, CIPP/E, CDPSE, LA 27001
   www.patreon.com/AndreyProzorov
   1.0, 01.06.2023

2. Agenda
   1. ISMS Implementation plan
   2. The main obstacles
   3. Recommendations for the implementation team
   4. Recommendations for the project management
   5. Recommendations for the core processes
   6. Other recommendations
   7. ChatGPT and ISO 27001 (ISMS) Toolkits

3. ISMS Implementation plan
   1. Conduct awareness trainings for the top management
   2. Conduct a Gap analysis
   3. Understand the Context
   4. Plan the implementation
   5. Conduct the first IS Committee meeting
   6. Establish Information Security Policy and Information Security Objectives
   7. Take an inventory of the assets
   8. Define a method of risk assessment, identify and assess information security risks
   9. Prepare Statement of Applicability (SoA) and Risk Treatment Plan (RTP)
   10. Define requirements for documentation management
   11. Develop ISMS Framework and define roles and responsibilities
   12. Develop and implement a set of ISMS policies and procedures
   13. Plan and implement additional information security measures
   14. Plan, prepare and conduct awareness trainings
   15. Operate the ISMS
   16. Monitor the ISMS
   17. Audit the ISMS
   18. Conduct ISMS Management reviews
   19. Practice continual improvement
   20. Prepare for the certification audit
   * time-consuming tasks

4. ISMS Implementation plan (PERT chart): 1-2 years
   Program Evaluation Review Technique (PERT) is a project management planning tool used to calculate the amount of time it will take to realistically finish a project.

5. The main obstacles
   1. Lack of top management support
   2. Insufficient budget and resources / no allocated resources
   3. Resistance to change (e.g., sophisticated alignment, extensive document approval, complicated procurement process)
   4. Inadequate understanding of ISMS concepts (e.g., focus on Annex A, not on the main text)
   5. Lack of skilled professionals
   6. Unclear roles and responsibilities
   7. Ineffective communication with the interested parties
   8. Choosing a Risk Assessment methodology that is too complicated
   9. No processes / low maturity level of processes / too complex processes, especially:
      • Internal audit
      • Nonconformity management
      • ISMS Evaluation (metrics and KPIs)
      • Asset management
      • Incident management
      • Change management
      • Business continuity management
   10. Desire to radically increase the maturity of the processes (+ 2-3 levels)
   11. Implementing new automation tools (e.g., GRC, SIEM, UEBA, SOAR) before building the processes
   12. Lack of information security culture / Lack of awareness

6. Recommendations for the implementation team
   1. Educate the implementation team in advance
   2. Protect the implementation team from other projects and tasks (prioritisation)
   3. Increase the motivation of the implementation team (e.g., additional bonuses, flexible hours, training courses)
   4. Hire a few interns
   5. Involve external consultants and/or mentors

7. Recommendations for the project management
   1. Set clear and realistic project goals
   2. The project charter is important, but don't make it too complicated
   3. Reduce the ISMS scope for the certification
   4. Improve communication between the implementation team members (e.g., use a Kanban board, create a channel on Slack/MS Teams)
   5. Don't spend much time on detailed planning. Use sprints (1-2 weeks)
   6. Schedule parallel tasks (e.g., Risk Assessment and Documents preparation)
   7. Prepare and strictly follow a Communication Plan

8. Recommendations for the core processes
   1. Launch awareness training ASAP. Start from the top management
   2. Launch the ISMS Committee / IS Steering Committee ASAP. Hold meetings once or twice a month at first, then once a quarter.
   3. Use simple templates for ISMS documents, and easy approval and review procedures (e.g., during the ISMS Committee meetings)
   4. Use Notion/Confluence (if allowed)
   5. Create templates and registers in advance:
      1. ISMS Committee presentation and MoM
      2. Policy (Template)
      3. Statement of Applicability (SoA)
      4. Audit Plan and Report
      5. Nonconformity Register and Report
      6. ISMS management review report
      7. Risk register
      8. Incident register
   6. Prepare the mandatory documents first. You don't need the full set of topic-specific policies and procedures!
   7. Simplify the core processes! You will improve them later…
   8. Combine an ISMS Gap Analysis with Internal Audits
   9. Don't spend much time on Risk Assessment. You will improve it later…
   10. Implement only critical controls (Annex A). Just plan to implement the others…
   11. Continual improvement is better than the perfect system

9. Other Recommendations
   1. Purchase and study ISO 27000, 27001, 27002, 27003, 27005, 27007, 19011 in advance
   2. Collect and keep records with care
   3. MS Excel is the best GRC for starters
      • Asset register
      • Incident register
      • Nonconformity register
      • Risk register and RTP
      • Statement of Applicability (SoA)
      • ISMS Documented information
      • Supplier register
      • …
   4. Use ChatGPT
   5. Use templates and toolkits

11. Best ISO 27001 (ISMS) Toolkits
   1. ISO27k Toolkit by ISO27k Forum (Free) - https://lnkd.in/eC5Kh5d6
   2. ISMS Implementation Toolkit by Andrey Prozorov (28$ per month) - https://lnkd.in/enzZdZ9
   3. ISO 27001 Documentation Toolkit by Advisera (897$) - https://lnkd.in/euYBc-SW
   4. ISO 27001 Toolkit by CertiKit (950€) - https://lnkd.in/ePxZUjHe
   5. ISO 27001 Toolkit by IT Governance (595£ per year) - https://lnkd.in/eAwTcuE6
   6. ISO/IEC 27001 Info Kit by PECB (Free) - https://lnkd.in/d-HEuN_8
   7. ISO 27001 Templates Toolkit: Consultant Edition 2022 by HighTable (597£) - https://lnkd.in/dxhZX56U
   8. ISO 27001:2022 All-In-One Toolkit by Certification Templates (999$) - https://lnkd.in/djXhSbiv
   9. Instant 27001 for Confluence (from 1995€) - https://lnkd.in/dE7y6vzX
   10. ISO/IEC 27001:2022 Documentation Toolkit by UCStoolkit (466€) - https://lnkd.in/d7CpThMF

13. Thanks, and good luck!
   www.linkedin.com/in/andreyprozorov
   www.patreon.com/AndreyProzorov

14. My ISMS Implementation Plan + templates
   www.patreon.com/posts/isms-plan-iso-74660190

15. My other ISMS-related presentations