Initial commit

Drafts and Ideas/About/iso27DYI - How this works.md

@@ -0,0 +1,37 @@
+# iso27DYI: How this works
+
+
+## Structure
+
+We've divided the ISMS implementation into a number of Episodes.
+
+
+- setting the goals
+- what's the lay of the land (relevant external issues)
+- how's our equipe, our assets that need to be protected (internal issues, strengths and weaknesses)
+- knowing the risks
+- identifying measures to mitigate the risks
+- creating the recipes (policies) for resilience in different areas / domains
+- implementing the risk mitigating measures
+- ensuring resources to implement and maintain everything
+- all the while documenting stuff as we go allong
+- audit and review how we're doing.
+
+For every element of the ISO 27001 you need to be able to tell the auditor:
+
+- what your method is for implementing the requirement
+- how and when you monitor the results of your implementation
+- how and when you evaluate the results and identify possible improvements
+- when you are planning to implement these improvements
+- who's involved and who's responsible for each of these steps.
+
+In ISO27DIY we deal with this by providing Policy Cards for every Clause and Control of the ISO 27001. 
+
+There's always our Controls Library with everything in Plain English, support by our consultants. When the time is ready, you can plan a preliminiary audit.
+
+## Principles
+- work with what you got - keep doing what you do but make it 'compliant'
+- work iteratively - you can always come back later
+
+# Metadata
+- which 'slots' this scene fills