
ISO 27001 implementation: How to make it easier using ISO 9001?

Presenter: Dejan Kosutic

GoToWebinar Control Panel
• Open and close your Panel
• View, select, and test your audio
• Submit text questions – they will be addressed throughout the session
• Raise your hand
©2017 27001Academy advisera.com/27001academy

How to use ISO 9001 to make your ISO 27001 implementation less painful
This webinar is for you if you have already implemented ISO 9001, or if you are planning to implement both ISO 9001 and ISO 27001. In most cases, an existing ISO 9001 system can save up to 25% of the time needed for ISO 27001 implementation.

ISO 27001 is much more similar to ISO 9001 than it may seem at first sight!

Agenda
• Similarities
• Differences
• Implementation issues & roles
• Top management issues
• Implementing both standards
• Certification
• Greatest challenges with ISO 27001

Similarities – PDCA cycle
• Plan: define what you want to achieve
• Do: implement what you have planned
• Check: measure whether you achieved the objectives
• Act: fill the gap

… Similarities
• Process approach
• Document control
• Corrective actions
• Human resources management
• Internal audits
• Management review
• Setting the objectives and measuring them
• ISO 27001 Annex A – exclusions are possible

… And differences
ISO 9001                  | ISO 27001
(no equivalent)           | Selecting controls (risk assessment)
Quality manual            | Statement of Applicability
Customer complaints       | Security incidents
Note: ISO 9001:2015 no longer explicitly requires a quality manual as a separate document, whereas the Statement of Applicability remains mandatory in ISO 27001.

Implementation issues
• Integrate the ISMS and the QMS into one single management system
• PAS 99 Integrated Management
• For ISO 9001 clause 7.1.3 (Infrastructure), use ISO 27001
• Do not merge the Quality Policy and the Information Security Policy

Roles
• QMS management representative
• CISO (Chief Information Security Officer)
• Project team
• Top management / sponsor

Top management issues
• If the QMS is already implemented, management will understand the benefits (or drawbacks) of the ISMS more easily
• The management review can be done at the same time for both ISO 27001 and ISO 9001
• The system for setting objectives and measuring them can be the same

Implementing both standards in parallel
ISO 27001 only: Risk assessment + Annex A controls
ISO 27001 + ISO 9001 (shared): Objectives; ISMS and QMS policies; Document management; Internal audits; Management reviews; Corrective actions
ISO 9001 only: Core operating procedures

Certification
Integrated audit → it will save you time and money!

Greatest challenges with ISO 27001
• Lots of related ISO standards (ISO 9001, ISO 19011, the ISO 27000 family, ISO 31000, etc.)
• Defining the scope of implementation
• Management and colleague commitment
• Risk management, since ISO 9001:2015 doesn't really require a formal risk process
• Creating an Integrated Management System

Conclusions
ISO 27001 and ISO 9001 have a very similar core management system → ISO 9001 is an excellent foundation for ISO 27001 implementation

Q&A: Dejan Kosutic

Thank you! http://advisera.com/27001academy/webinars