For many organisations, the documentation stage is the most time-consuming part of their ISO 27001 project. For some, documenting an ISMS (information security management system) can take up to 12 months.
How you decide to tackle this stage will be crucial to your overall success. ISO 27001 doesn’t tell you what your documentation should look like for the simple reason that there is no ‘one size fits all’ solution to information security.
To help you get started, we have outlined the three approaches to tackling documentation:
1. Trial and error
Designing the ISMS yourself is very risky and the most time-consuming approach. An ISMS needs a huge amount of detail, and trial and error is a difficult way to tackle this task.
2. External expertise
The second approach involves bringing in external expertise from experienced consultants. Though this offers a faster route than trial and error, it is substantially more expensive. Consultants will need to take time to learn your systems and processes before they can begin to document them, as well as any new systems or processes. The advantages of external expertise include considerably reducing the risk of failure and overcoming resource issues.
3. Documentation toolkits
Documentation toolkits can significantly reduce errors and save you a considerable amount of time and money. We highly recommend this approach and have designed a documentation toolkit that exactly meets the requirements of ISO 27001. The ISO 27001 ISMS Documentation Toolkit has been developed by ISO 27001 experts, provides all of the mandatory and supporting documentation templates you will require, and is more cost-effective than paying consultancy fees.
Take a look at the ISO 27001 ISMS Documentation Toolkit and see how you can tackle ISO 27001 documentation using pre-written documentation templates.