Here are ten steps to help you achieve ISO 27001:2013 certification.
| Step | Action |
| --- | --- |
| Step 1 | Define the scope of your Information Security Management System (ISMS) and produce your Statement of Applicability. |
| Step 2 | Undertake a gap analysis of your current policies and procedures. |
| Step 3 | Produce any policies and procedures identified during the gap analysis as being incomplete, insufficient or out of date. |
| Step 4 | Ensure risks are being managed effectively within your organisation. |
| Step 5 | Ensure all roles and responsibilities relating to the management of information security have been identified. |
| Step 6 | Identify and train internal auditors, and undertake internal audits. Also ensure an independent audit has been undertaken prior to the Stage 1 Audit. |
| Step 7 | Ensure corrective action is taken and documented regularly. |
| Step 8 | Complete the Stage 1 Audit successfully. The Stage 1 Audit is primarily focussed on your ISMS, to ensure that all mandatory policies and procedures have been produced and are embedded within your organisation. |
| Step 9 | Ensure that any corrective action has been completed prior to the Stage 2 Audit. |
| Step 10 | Complete the Stage 2 Audit successfully. The Stage 2 Audit will confirm that you are compliant with your ISMS and your Statement of Applicability. |
If you would like further information, please contact us to discuss your requirements.