12 Important Steps in ISO 27001 implementation and certification

Simple tips and steps for the smooth implementation and certification of an ISO 27001 ISMS

1. Get Management Support
The first thing you should do is get management support. ISO 27001 implementation needs a corporate-wide, top-down approach. Make sure that you have approval and support from higher management.

2. Define ISMS Scope
Whether the ISMS covers all information security layers or only part of the organization, such as the data center, servers or infrastructure, depends on your needs and capability. Most companies run into difficulties when implementing this standard across an entire department, so be selective when defining the scope and its limits.

3. Inventory Information Assets
Taking an inventory of assets is the next important step. Make sure that all assets are recorded properly, and that intellectual and shared assets are not missed. Collecting this asset information is usually a challenge, since much of the information is distributed across several functions.

4. Conduct Information Security Risk Assessment
5. Develop ISMS Implementation program
6. ISMS Implementation Program
7. Information Security Management System
8. ISMS Operation Artifacts
- Policies, Procedures, Guidelines
- Security Log, Configuration
- Compliance and Audit Report
- Awareness Training, Attendance Report
9. Compliance Review
10. Corrective Action
11. Pre-certification Assessment
12. Certification Audit

Any other suggestions? Attached are a simple framework and mind map to help you understand ISO 27001 implementation step by step.

Attachments:
- ISO27k ISMS implementation and certification process.gif (62.38 KB)
- ISO27k ISMS implementation and certification process.jpg (364.55 KB)
- ISO27k ISMS implementation and certification process.pdf (278.75 KB)
- ISO27k ISMS implementation and certification process.vsd (150.5 KB)
