 ISO 27001 implementation, start to finish
Hello, I am a student at University of Advancing Technology in the BS network security program and have been assigned to ask a question on one of the security frameworks we are studying. My question is to anyone who has implemented the ISO 27000 family of security frameworks: what was your experience on beginning the process (good and bad), and how much effort did it take to finally get the certification? Also, if you don’t mind answering a second question, I was wondering how hard it is to maintain the security framework once you achieved the ISO 27001 certification? Thanks in advance, --Tracy CISSP

ASKED: October 12, 2012  12:17 AM
UPDATED: October 15, 2012  10:28 PM



Discuss This Question:

The starting process is always difficult, as you need to prepare everything and preparation takes a lot of effort. For ISO 27001, a lot of Policy and Procedure (PnP) is required. Usually there will be a 1st audit to see if you are on track, and once they correct you (if there are minor mistakes or ways to improve), they will come to audit you again.
Maintaining it is actually quite easy (for me). Make sure that you are following your processes according to what is written in the PnP and that all the information is actually up to date. Reviews should also be done once in a while so that you know your work is up to date, and you are not only updating everything when the auditor is coming to visit.
