1 The journey to ISO 27001 certification
13/08/2019
Olivier Burrows, Management Systems Tutor, BSI

2 Who is BSI? – 10 fast facts
No owners/shareholders … all profit reinvested into the business
Founded in 1901
Global independent business services organization
Standards, assessment, testing, certification, training, software
National Standards Body in the UK
#1 certification body in the UK and USA
>2,500 staff and >50% non-UK
53 offices located around the world
64,000 clients in 147 countries
£244.9m revenue in 2011

3 The start of the journey – who will manage this?

4 So what is the journey to certification?
At some point the business has a brainwave. Or a client asks: do you have certification to ISO 27001? And of course we don't. So what happens next? The idea of certification is then bounced around the business – do we need it? What will it cost? Who will do it?

5 The journey to certification (cont.)
And then the question is asked: does it belong to the IT Director, or the Quality Director, or the Security Manager? And it lands on your desk, with no background on why and where. So what do we do next? What are we going to ask?

6 The journey to certification: What are the questions?
What is this for? What money do we have? Do we have any resources? Is there any training? Has anyone looked at the Standard? What will be the Scope of the Certification? How much time do we have?

7 The journey to certification: What will we need in the ISMS?
Security policy
Organizational security
Asset classification and control
Personnel security
Physical and environmental security
Communications and operations management
Access control
System development and maintenance
Business continuity management
Compliance

8 The next phase is …

9 The journey to ISO 27001 certification: Planning

10 Planning phase
We now need to spend time planning the task. We should spend 80% of our time planning and 20% of the time implementing, but we spend 20% of our time planning, 60% of the time fire fighting and 20% of the time implementing, which then ends up lasting the life of the system or to our retirement, whichever comes sooner.

11 Planning phase
Security policy
Organizational security
Asset classification and control
Personnel security
Physical and environmental security
Communications and operations management
Access control
System development and maintenance
Business continuity management (ISO 22301?)
Compliance

12 What are the next steps for implementation?

13 Project plan
We will be following a defined project plan. The plan has 4 stages and 18 defined steps.

14 The journey to ISO 27001 certification
Stage 1: Committee to implement

15 Where we are?

16 The journey to ISO 27001 certification
Stage 2

17 The journey to ISO 27001 certification: Stage 2
Receive training
Perform gap analysis
Prepare implementation project plan
Estimate costs

18 Where we are …

19 The journey to ISO 27001 certification
Stage 3

20 Implement and operate
Support project
Monitor project

21 The journey to ISO 27001 certification
Stage 4

22 Monitor and measure
Management review
Prepare for certification

23 The journey to ISO 27001 certification
Lessons learnt

24 So what are the lessons learnt?
We rarely look at the lessons learnt; I would just like to look at some of the main lessons for us all.
Time
Resources
Scope and boundaries creep
Training and awareness – impact on our process
Project management – the need for good project management

25 The journey to ISO 27001 certification
Certification process with BSI

26 The registration process
Contact Customer Services Helpline
Obtain quotation and submit application
Client manager appointed
System reviewed to ensure standard requirements addressed and registration assessment planned
Initial assessment conducted
Conformity and effectiveness of system to standard assessed
Corrective action plan (if required) submitted
Registration confirmed
Certificate issued
Continuous assessment programme (3 year cycle)
Total client care

27 Consider certification

28 Any questions?

29 Contact us
Address: BSI Group, Kitemark Court, Davy Avenue, Knowlhill, Milton Keynes, MK5 8PP
Telephone: +44 (0)
Links:
If you require any further information, don't hesitate to contact us.
