# iso27DYI: How this works
## Structure
We've divided the ISMS implementation into a number of Episodes.

- setting the goals
- what's the lay of the land (relevant external issues)
- how's our team, our assets that need to be protected (internal issues, strengths and weaknesses)
- knowing the risks
- identifying measures to mitigate the risks
- creating the recipes (policies) for resilience in different areas / domains
- implementing the risk mitigating measures
- ensuring resources to implement and maintain everything
- all the while documenting stuff as we go along
- audit and review how we're doing.

For every element of the ISO 27001 you need to be able to tell the auditor:

- what your method is for implementing the requirement
- how and when you monitor the results of your implementation
- how and when you evaluate the results and identify possible improvements
- when you are planning to implement these improvements
- who's involved and who's responsible for each of these steps.

In ISO27DIY we deal with this by providing Policy Cards for every Clause and Control of the ISO 27001.

There's always our Controls Library with everything in Plain English, supported by our consultants. When the time is right, you can plan a preliminary audit.

## Principles

- work with what you've got - keep doing what you do but make it 'compliant'
- work iteratively - you can always come back later

# Metadata

- which 'slots' this scene fills