Created December 25, 2022 20:00
Gist: opexxx/929b22ad3104b414abef4892a78f7899
ISMS_implementationplan
S 1. Management Support
T Outline business case
T Present business case
M Management support is obtained
T Initiate project
T Plan project
S 2. Determine Scope
T Determine external issues
T Determine internal issues
T Identify external interested parties
T Identify internal interested parties
T Identify requirements of interested parties
T Determine preliminary scope
T Determine refined scope
T Determine final scope
T Document final scope
T Approve final scope
M Scope is approved
S 3. Define Information security policy
T Determine information security objectives
T Write information security policy
T Publish information security policy
S 4. Inventory of assets
T Identify primary assets
T Identify supporting assets
T Map primary and supporting assets
T Identify asset owners
T Develop information classification policy
T Classify assets
T Develop procedures for information labelling
T Label assets
T Document asset inventory
S 5. Risk Management Methodology
T Define information security risk criteria
T Define information security risk acceptance criteria
T Approve information security risk acceptance criteria
T Define information security risk assessment process
T Define information security risk treatment process
S 6. Information security risk assessment
S Risk identification
T Identify threats
T Identify existing controls
T Identify vulnerabilities
T Identify consequences (impact)
S Risk analysis
T Assess consequences (impact)
T Assess likelihood
T Determine risk level
S Risk evaluation
T Evaluate risks
M Risk assessment is completed
S 7. Information security risk treatment
T Select risk treatment options
T Determine controls
T Produce Statement of Applicability (SoA)
T Formulate risk treatment plan
T Obtain approval for risk treatment plan
M Risk treatment plan is approved
T Implement risk treatment plan
T Update Statement of Applicability (SoA)
M Risk treatment plan is implemented
S 8. Performance Evaluation
S Monitoring
T Identify information needs
T Create and maintain measures
T Establish procedures
T Monitor and measure
T Analyse results
T Evaluate information security performance
T Evaluate ISMS effectiveness
T Document results
S Internal audit
T Establish audit programme objectives
T Determine audit programme risks and opportunities
T Evaluate audit programme risks and opportunities
T Establish audit programme
T Implement audit programme
T Conduct internal audits
T Report audit results
S Management review
T Review reporting of the performance of the ISMS
T Provide results of management review
S 9. Improvement
T Identify nonconformities
T Review nonconformities
T Perform root cause analysis
T Determine corrective actions
T Plan corrective actions
T Implement corrective actions
T Assess corrective actions
M ISMS is compliant
S 10. Certification audit
T Contact certification bodies
T Request proposals
T Review proposals
T Select certification body
T Sign engagement letter
T Schedule stage 1 audit
T Undergo stage 1 audit
T Schedule stage 2 audit
T Undergo stage 2 audit
M ISMS is certified