ISO/IEC 27000 – Information Security Management Toolkit

About ISO/IEC 27000:
ISO/IEC 27000:2009 provides an overview of information security management systems, which form the subject of the information security management system (ISMS) family of standards, and defines related terms.
As a result of implementing ISO/IEC 27000:2009, all types of organization (e.g. commercial enterprises, government agencies and non-profit organizations) are expected to obtain:
  • an overview of the ISMS family of standards;
  • an introduction to information security management systems (ISMS);
  • a brief description of the Plan-Do-Check-Act (PDCA) process; and
  • an understanding of terms and definitions in use throughout the ISMS family of standards.
The objectives of ISO/IEC 27000:2009 are to provide terms and definitions, and an introduction to the ISMS family of standards that:
  • define requirements for an ISMS and for those certifying such systems;
  • provide direct support, detailed guidance and/or interpretation for the overall Plan-Do-Check-Act (PDCA) processes and requirements;
  • address sector-specific guidelines for ISMS; and
  • address conformity assessment for ISMS.
The ISO/IEC 27000 Toolkit:

Many organizations are looking to implement the ISO/IEC 27000 family of standards, and to have their ISMS certified against ISO/IEC 27001 (the requirements standard of the family), as a way to improve the structure and quality of their business. The objective of the standard itself is to provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an Information Security Management System.

This toolkit serves to act as a starting point. It will give you a clear path to travel and is designed to be a valuable source of information and activities. There are a total of 5 folders in this toolkit that contain a total of 60 documents.



Folder 1  ISO/IEC 27000 Introduction

This folder contains 8 resources that will provide a detailed introduction to the standard, and to the main categories that make up the standard, such as Information Security Management, Business Continuity Management, Risk Analysis and the roles and responsibilities associated with maintaining an effective and efficient Information Security Management System.

In addition, you will find example role descriptions, a template example of a Statement of Applicability, Terms and Definitions explained and guidance on how you can certify your ISMS. And just in case these resources haven’t answered all your questions we have provided over 60 pages worth of ISO27000 frequently asked questions and answers for you. 8 documents.

Folder 2 Information Security Management Resources

This folder contains general Information Security resources that will help you implement ISM, such as identifying security service requirements, providing guidelines for building an electronic data retention policy and a template Implementation Plan / Project Plan.

There are also resources to assist you with maintaining your ISMS such as security audit and security incident templates and suggestions for key performance indicators to ensure the ongoing success and improvement of this process. 12 documents.

Folder 3 Business Continuity Management Resources

Business continuity management is an integral part of the risk management framework within an organization. All organizations face a variety of risks. These may be sourced externally, and therefore largely out of the immediate control of the organization, or internally. Internal risks arise both at the strategic (organization-wide) level and at the operational (business process) level.

Successful business continuity management relies on the expertise from within the organization; it is the people that understand the organization, its business, processes and business risks.

The supporting resources found within this folder consist of templates, example plans, strategies and recovery options that can be used in your own organization or as a template in creating your own bespoke documentation. 19 documents.

Folder 4 Risk Management Resources

This folder is full of detailed templates and documented examples to assist you in implementing a successful Risk Assessment and Risk Management process. For example, the Risk Management Framework document provides 21 pages of guidance, from identifying risks to assessment, treatment, monitoring and review – which can be used in conjunction with the Risk Assessment and Control template form.

The Generic Project Risk Assessment document has been designed for business projects, IT infrastructure projects and general (i.e. non-software development) projects, and is a useful starting point for any risk management project, whilst the Risk Management Review provides guidance on the evaluation of your assessments and the steps to take next. 6 documents.

Folder 5 Bonus Resources

Finally, we have provided a Bonus Resources folder, with introductory information on ‘other’ standards and frameworks that may be used in conjunction with the resources and materials found within this toolkit. These resources can also be used for education and instruction purposes for staff. 15 documents.

New Product By The Art of Service