With the release of ISO/IEC 27001:2013 this September, there has been an uplift in the number of organisations interested in ISO/IEC 27001. Some have chosen to gain certification against ISO/IEC 27001:2005 (as there is currently only a certification scheme for this version of the standard) and others, known as early adopters, have decided to implement the 2013 version of the standard. Is your organisation one of these early adopters? If the answer to this question is yes, then you are no doubt wondering how to get started.
How do we get started with ISO/IEC 27001:2013?
If you want to get started with ISO/IEC 27001:2013, you first need to get yourself copies of the standard itself along with a copy of ISO/IEC 27002:2013. Both standards can be purchased together in either hardcopy or PDF format from the IT Governance Webshop, or alternatively as a multi-user license. These standards should be read together.
Once you have read the standards, it is important to be able to contextualise the information within. To aid this process we would recommend reading an introductory guide to the standard such as An Introduction to ISO/IEC 27001:2013, which has been published by BSI, the UK’s National Standards Body.
By reading the standards and the book, you will get a grasp of what you actually need to do in order to implement an information security management system (ISMS) and then gain certification against the standard once the certification scheme is launched.
But how do you implement an ISMS that is aligned with ISO/IEC 27001:2013?
When implementing an ISMS aligned with the 2013 edition of the standard, it is often unclear which documents you need to create and how you should structure them. The simple answer to this conundrum is to buy a toolkit. IT Governance offers a toolkit, the ISO27001 2013 ISMS Standalone Documentation Toolkit, which is available as a pre-order and contains the majority of the document templates you’ll need to create an ISMS. Created by ISO/IEC 27001 experts at IT Governance, it provides a comprehensive set of pre-written ISMS documents compliant with the newly released ISO27001:2013 standard, built from the necessary policies, procedures, work instructions and records, that will save you months of work as you get your information security system up to speed.
Alternatively, or in addition, if you don’t feel you have the knowledge and experience needed to implement an ISMS, we offer a range of ISO/IEC 27001 training courses that will be of benefit. If you are transitioning from the 2005 version of the standard to the 2013 version, you should attend our ISO27001 2013 Certified ISMS Transition Training Course. Our first classroom course will be held in London and has almost sold out. We are offering an online course to meet the needs of delegates who can’t travel to London.
Attend a course and gain the essential knowledge you need!
If your organisation is an early adopter, IT Governance has a solution for you!