Next steps for IS0 27001 implementation

Getting started with ISMS.Online software for managing your ISMS

 

Welcome to your ISMS.Online platform.

We have created your environment for managing the selected elements of your ISMS securely online, 24/7.

By now you should have received your login details for accessing over any secure internet browser. If you can’t find it in your inbox, check you spam folder, and don’t forget to add the address to your contacts so you don’t miss any important communications from us in the future.

We suggest you go in immediately and re-set your password and personalise your user profile.

Your environment has been pre-populated with the tools and frameworks you have subscribed to, together with supporting policies for you to adopt, adapt or add to.

You’ll no doubt be keen to get started and it may be a good idea to re-fresh yourself on the system by taking the tour available on the home page.

Clicking support at the bottom right of the page will take you into our system Academy materials here.

If you need further help simply email us at support@isms.online.

 

Kick-Off Webinar

By now your ‘Kick-Off’ webinar should be in the diary.

In your webinar we will focus on what areas of ISMS.online to concentrate on for immediate success:

  • Visibility and privacy, including team memberships and the administrator role
  • Administration and adding new team members
  • Orientation of the system including the  purpose of each initiative
  • Using the ISO 27001 environment, including setting up communications groups for the ISMS Board and ISMS Communications for all staff
  • How to reopen activities and start to build your own unique history of changes. These will replace the ISMS Creator role that built the ISO 27001 policies for you to adopt, adapt and add to
  • An explanation of the notes feature, including a look at the changes due at the end of the August
  • High level management including board reporting agendas and KPIs
  • Quick tips around the use of linking, multiple tabs and dual monitors.

Implementing your ISMS to ISO 27001 standards?

There are a number of starting points, and not all organisations will choose the same route.

To help you we have included policies for you to adopt, adapt or add to. Of course, every organisation is unique and there are some key policies which will need senior management input to arrive at a policy relevant to your business. Where this is the case, we have offered guidelines within the policy environment.

We’re suggesting two approaches to getting started with your ISO 27001 implementation and have included hyperlinks to learning materials to assist you:

1. The Purist

The ideal approach to developing your ISMS involves starting with:

 

4.1 Understanding the organisation and its context

4.2 Interested Parties

4.3 Scope of applicability

6.1 Actions to address risks and opportunities

Then look at policy areas

 

Each of these actions naturally filters and helps shape the following one, so your Interested parties help determine your risks and your risks help determine what polices you have in place to mitigate those risks.

2. The ‘I Just Want to Get Started’

You may already have some of your own polices that you want to map to the ISO standard, or your management team may not yet have had time to go through sections 4.1, 4.2, 4.3 and 6.1 to help you shape your policies. In this case you probably just want to get things going.

We’d recommend cloning your environment to create a draft version of the ISMS controls and content project. Here you can drop in the policies you already have.

This will enable you to do a gap analysis, showing where you are now and where you need to be. You can then assign areas which need work to relevant team members. Don’t forget, you also have our policies to adopt, adapt or add to where appropriate.

When you do get a chance to review 4.1, 4.2, 4.3 and 6.1, you can then check whether the outcomes from those areas affect your polices and what amendments need to be made.

We hope this has given you some ideas for getting started.

If you need further support or guidance on implementing ISO 27001:2013, we’re happy to help with an implementation support and coaching package. Please get in touch if you feel this could benefit you.

Thanks again for choosing ISMS.Online and we’ll be keeping in touch to see how your implementation is going!

ISMS Online Rating: 5 out of 5
Share This