If you work for a small or medium-sized company and you’re considering implementing ISO 27001, you’re probably already overwhelmed with various approaches on how to start and finish such a project successfully.
The ISO 27001 international standard sets out the requirements of an ISMS (information security management system) – a holistic approach to information security that encompasses people, processes and technology. Organisations with an accredited certification to the Standard are recognised worldwide as achieving the hallmark of best-practice information security management.
To achieve compliance with the ISO 27001 standard, you have three basic options: use your own in-house resources and expertise, hire an expert or consultant, or take a middle path between the two by implementing the standard with a do-it-yourself approach while taking advantage of external know-how.
Do it yourself
IT Governance’s ISO 27001 Do It Yourself package includes the ISO 27001 documentation toolkit, three critical standards from the ISO 27000 family, two bestselling implementation books and the definitive ISO 27001 risk assessment software tool, vsRisk™.
This option is very popular among SMEs because employees maintain responsibility for implementing the Standard while also getting the expertise, documentation and support from externally developed tools and resources.
The advantage of a DIY approach is that you still get the necessary expertise and support, but at a more affordable price than using a consultant. Furthermore, access to your confidential information is closed to anyone from outside your organisation.
The DIY package includes IT Governance’s popular ISO 27001 Documentation Toolkit. While there is still some work to be done to fully customise the documentation to match your ISMS, a substantial proportion has already been built, and it includes extensive guidance on how each procedure contributes to the management system.
Get some help
An alternative solution is the ISO 27001 Get A Lot Of Help package, which contains the core ISMS standards alongside implementation guidance, key implementation tools and a documentation toolkit, attendance at Live Online masterclasses, and our unique Mentor and Coach service.
Other ISO 27001 implementation options besides the ISO 27001 Do It Yourself and ISO 27001 Get A Lot Of Help packages are the ISO 27001 Basics, ISO 27001 Get A Little Help and ISO 27001 We Do It For You packages.
The ISO 27001 packages are designed to help with the initial understanding of information security management. They also help you to develop the necessary internal resources and a corporate culture of using best-in-class tools and skills to accelerate learning and implementation, while still essentially following a do-it-yourself approach to project management.