Resources For ISO 27001 Requirement 7.1

What is covered under ISO 27001 Clause 7.1?

A requirement of ISO 27001 is to provide an adequate level of resource into the establishment, implementation, maintenance and continual improvement of the information security management system.  As described before with the leadership resources in clause 5.3, ISO IEC 27001 does not actually mandate that the ISMS has to be staffed by full time resources, just that the roles, responsibilities and authorities are clearly defined and owned – assuming that the right level of resource will be applied as required.  It is the same with clause 7.1, which acts as the summary point of ‘resources’ commitment which are then more fully described with requirements in:

Read our free guide to achieving ISO 27001 first time

Planning resources and considering staffing requirements for ISO 27001 clause 7

As can be seen just from the references above, ISO drops in resource requirements across a number of different angles so it is easy to get confused about the level of investment in physical resources.

Viewing all of the people oriented requirements for implementing and running the ISMS makes sense, then the organisation can consider the capacity, confidence and capability of the people involved to do the work. Some of the resources may need to be more committed in time than others, for example legal and HR skills are important for some aspects of the ISMS during its implementation and reviews of risks, policies from time to time, but not the general ongoing administration and management.

There are many ISO 27001 information security training courses, and ISO 27001 lead auditor, ISO 27001 implementation and many other courses out there that can build confidence and capability. However our experience suggests that whilst they can sometimes be helpful, they don’t always deliver a return on investment and could be problematic too. Depending on the trainer the course might also teach old ways of working, impress counter cultural practices that won’t work for your organisation and can mean taking valuable time out for learning some things are pretty darn obvious when you start the implementation!

ISMS implementations to meet certification for ISO 27001 are far easier with an application that helps guide delivery, offers a map of what needs to get done and where progress is being made.

Alongside a preparation plan like that expressed in with the added benefit of the ISO 27001 Virtual Coach service which is always on, when and where it is needed, implementations are faster and lower total cost too.

Working on an early morning, lunchtime or weekend to get something done – no problem, the Virtual Coach is inside the platform whilst you are considering that issue and that coupled with the tips, documentation to adopt, adapt and add to, as well as the easy to use technology solution itself, you’ll need less support resource than you had imagined. If capacity or capability is an issue in a particularly thorny area, then consider one of the expert partners to help by exception – just get in touch and we will introduce you to a partner that is a good fit for your organisation needs.

See how simple it is with