Every ISO 27001 practitioner faces a few challenges when implementing an information security management system (ISMS). Some of them may be specific to the organisation and overcoming them will depend on the individual’s ability to understand the business, its needs and how to communicate effectively. At the same time, there are some common issues that ISO 27001 practitioners need to deal with, regardless of the type or size of the business. They are usually associated with meeting tough deadlines, working with limited resources and staying within tight budgets.
Having trained thousands of delegates via our ISO 27001 Learning Pathway programme, we at IT Governance understand the pains and pitfalls that ISO 27001 practitioners regularly encounter. Information security professionals come to our courses to learn particular skills, to understand how to solve a problem or to acquire a qualification. While we believe our courses enable delegates to achieve their objectives, it would be wrong to insist that they can solve all their time, resource or budget issues.
ISO 27001 has been our focus for the last ten years and this has allowed us to identify and develop resources for ISO 27001 practitioners that can eliminate some of the hassle around delivering the project. Designed to save you time and money, and to enable you to implement ISO 27001 effectively, our top three tools are:
ISO 27001 Documentation Toolkit
Developing documentation is a big part of any ISO 27001 project. Sometimes it can take weeks to create the necessary documents and, if a deadline is looming, time can be a luxury that practitioners cannot afford.
The ISO 27001 Documentation Toolkit features seven policies, 55 procedures, 23 work instructions, 25 records, guidance documents, and a range of editable meeting, project and process templates, all created by expert ISO 27001 practitioners to help support your implementation of an ISO 27001-compliant ISMS.
In a survey to gauge its effectiveness, every customer agreed that this toolkit saved them time and effort, and they would recommend it to their suppliers, customers and partners.
Information security risk assessment tool
IT Governance’s ISO 27001 Global Report revealed that conducting an information security risk assessment is a key challenge for ISO 27001 practitioners. The outcome of a risk assessment is fundamental to ensuring that you make informed security management decisions, select the most appropriate security controls, and optimise your cyber security expenditure. But a risk assessment can be costly if you need to hire a consultant, or complex and time-consuming if you go through the whole process manually using a plain spreadsheet.
vsRisk™ provides a simple, smart and cost-effective alternative to conducting information security risk assessments manually. It simplifies and speeds up the risk assessment process, cuts costs and ensures accurate, repeatable risk assessments year after year. Featuring seven control sets, a database of threats, vulnerabilities and risks, and six exportable and audit-ready reports, vsRisk enables you to:
- View the ISO 27001 controls that require documentation
- Upload documents to link and track controls
- Customise risk acceptance criteria and risk calculation formula
- Map controls between different standards and frameworks
- Add additional assets, risks and controls
- Create customised views: risks, owners, assets and groups
- Choose from four risk responses: treat, tolerate, transfer or terminate
vsRisk licences are available for standalone, network-enabled and multi-user versions, and can also be purchased with an in-built ISO 27001 Documentation Toolkit.
UK IT Legal Compliance Database
ISO 27001 requires you to develop an ISMS taking into account “the requirements of interested parties [including] legal and regulatory requirements and contractual obligations” (Clause 4.2 Note). A busy ISO 27001 practitioner may find it difficult to keep track of over 80 statutes and regulations for England and Wales to ensure compliance with the relevant laws and regulations.
The UK IT Legal Compliance Database contains all of the critical statutory and regulatory documents in one place – saving you the time, hassle and expense of trying to track them down and interpret the requirements. It includes regular updates on the latest laws and regulations, enabling you to stay abreast of the changing regulatory environment.