10 Steps To Implement ISMS

  • What should be included in the audit scope?
  • Do I need to involve any subject matter experts, or do I have the necessary expertise myself?
  • What should I use for audit criteria?
  • Whom should I invite?
  • When should I schedule the interviews?
  • How will I collect evidence?
  • Which audit methods will I use?
  • Gap Assessment Report;
  • ISMS Implementation Project Plan;
  • ISMS Implementation Roadmap.
  1. Try to make risk management as realistic as possible and focus on your organization’s business model.
  2. Define only the risks that actually apply to your type of business; a generic risk catalog copied from elsewhere is not a risk assessment.
  3. Work with senior management on impact and probability criteria.
  4. Automate the risk management process: build worksheets with automated calculations or use an external risk management application, so that scoring and ranking are repeatable rather than re-done by hand at every review.
  5. Map your controls to a recognized framework, for instance ISO 27002, so that gaps and overlaps in coverage become visible.
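To show what steps 3 to 5 look like once automated, here is an added example of a small risk register with scripted scoring, ranking, a gap list of untreated risks, and a control-coverage view. It is not the article's own worksheet. The assumptions are: impact and probability are rated on 1-5 ordinal scales agreed with senior management, the score is their product, the high/medium/low thresholds are placeholders to be tuned to the organization's risk appetite, the register entries are constructed sample data, and the control identifiers are illustrative ISO 27002:2022 control numbers rather than a mapping the article provides.

```python
"""Risk register with automated scoring (added example, not the article's worksheet).

Assumptions: 1-5 ordinal scales for impact and probability, score = impact *
probability, placeholder level thresholds, constructed sample data, and
illustrative ISO 27002:2022 control numbers in the mapping.
"""
from collections import defaultdict
from dataclasses import dataclass, field

IMPACT_SCALE = range(1, 6)       # 1 = negligible ... 5 = severe (assumed scale)
PROBABILITY_SCALE = range(1, 6)  # 1 = rare ... 5 = almost certain (assumed scale)

# Assumed thresholds on the 1-25 product score; agree these with senior management.
LEVEL_THRESHOLDS = (("high", 15), ("medium", 8), ("low", 1))


@dataclass
class Risk:
    risk_id: str
    description: str
    impact: int
    probability: int
    # Identifiers of the framework controls that treat this risk (illustrative
    # ISO 27002:2022 numbers). An empty list means the risk is currently untreated.
    controls: list = field(default_factory=list)


def risk_score(impact: int, probability: int) -> int:
    """Impact x probability on the agreed scales; out-of-range ratings are rejected."""
    if impact not in IMPACT_SCALE or probability not in PROBABILITY_SCALE:
        raise ValueError(f"ratings must be 1-5, got impact={impact}, probability={probability}")
    return impact * probability


def risk_level(score: int) -> str:
    """Translate a score into the qualitative level used in management reports."""
    for level, minimum in LEVEL_THRESHOLDS:
        if score >= minimum:
            return level
    raise ValueError(f"score out of range: {score}")


def rank_risks(risks):
    """Return (risk_id, score, level) tuples, highest score first, ties by id."""
    rows = [(r.risk_id, risk_score(r.impact, r.probability)) for r in risks]
    rows.sort(key=lambda row: (-row[1], row[0]))
    return [(rid, score, risk_level(score)) for rid, score in rows]


def untreated_risks(risks, minimum_level="medium"):
    """Risk ids at or above minimum_level that have no mapped control: the gap list."""
    order = {level: i for i, (level, _) in enumerate(LEVEL_THRESHOLDS)}
    return sorted(
        r.risk_id
        for r in risks
        if not r.controls
        and order[risk_level(risk_score(r.impact, r.probability))] <= order[minimum_level]
    )


def control_coverage(risks):
    """Map each framework control to the risks it treats (the ISO 27002 mapping view)."""
    coverage = defaultdict(list)
    for r in risks:
        for control in r.controls:
            coverage[control].append(r.risk_id)
    return {control: sorted(ids) for control, ids in sorted(coverage.items())}


# Constructed sample register; not real data.
SAMPLE_REGISTER = [
    Risk("R-01", "Ransomware encrypts file servers", impact=5, probability=3, controls=["8.13", "8.7"]),
    Risk("R-02", "Unpatched internet-facing web app exploited", impact=4, probability=4, controls=["8.8"]),
    Risk("R-03", "Lost unencrypted laptop", impact=3, probability=3, controls=[]),
    Risk("R-04", "Printer toner shortage delays invoicing", impact=1, probability=4, controls=[]),
]

if __name__ == "__main__":
    for row in rank_risks(SAMPLE_REGISTER):
        print(row)
    print("untreated:", untreated_risks(SAMPLE_REGISTER))
    print("coverage:", control_coverage(SAMPLE_REGISTER))
```

The gap list is the part worth keeping in the worksheet: a medium or high risk with no mapped control is exactly what a gap assessment report should surface, and the coverage view shows which controls carry the most risk if they fail a test during the audit.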



Vitalii Susukailo

An InfoSec guy experienced in Information security management, secure software development and security operations.