4.2, 15.11.2022
0. Read ISO 27001 and additional materials. Take a training course.
   Resources:
   • ISO Survey 2021: ISO 27001 certificates
   • ISO 27001, 27002, 27003, 27005, 27014 mindmaps (ISO 27001, 27002, 27003, 27005)
   • The ISO 27000 Family of Standards
   • ISO 27001. New information security controls, 2022
   • IS Controls Mapping (2013 and 2022)
   • ISMS Required activities
   • ISO 27001 implementation steps (Approaches)
   • My presentation "ISO 27001:2022. What has changed?"
   • Recommendations*
   Outputs:
   • Basic knowledge
   • Purchased standards

2. Conduct a Gap analysis (ISMS and PIMS)
   Resources:
   • Request documents for GAP analysis
   • ISMS GAP Analysis Report (template)
   • ISMS Required activities
   • Requirements for documented information in ISO 27001 and ISO 27701
   • Cyber Security Principles by ACSC
   • List of documents (template)
   Outputs:
   • ISMS Gap Analysis report
   • List of ISMS documents (draft)

3. Understand the Context
   Resources:
   • Privacy Pain Points and Trigger Events
   • Information Security and Data Protection context (mindmap)
   • List of interested parties (example)
   • List of Requirements (template)
   • ISMS Scope (template)
   Outputs:
   • List of Requirements (draft)
   • ISMS Scope (draft)
   • List of interested parties (draft)
   • Slides for the first IS Committee meeting
   • Organization Chart

5. Conduct the first IS Committee meeting
   Resources:
   • ISMS presentation for the first IS Committee meeting (template)*
   • ISMS Communication plan
   • MoM (template)*
   Outputs:
   • Presentation and MoM
   • Orders
   • Changes in the Job Descriptions

12. Develop and implement a set of ISMS policies and procedures
   Resources:
   • ISO 27002:2022 5.1 Policies for information security
   • ISMS Documented Information
   • Information Security Policies. Templates and resources for inspiration
   • Simple Policy Template
   • Set of example policies*
   • Process description (checklist and template)
   • Sanity checklist for ISMS/PIMS documentation
   Outputs:
   • Set of ISMS policies and procedures
   • SoA (updated)

14. Plan, prepare and conduct awareness training
   Resources:
   • Competence for ISMS Professionals
   • Cybersecurity Profiles by ENISA
   • How to develop an IS awareness program, mindmap
   • Information Security and Data Protection awareness
   • Information Security and Data Protection Awareness Topics
   • Information Security and Data Protection culture
   • Interview questions for CISOs and DPOs
   • Chief Information Security Officer (CISO) by ACSC
   Outputs:
   • Information security awareness programme and plans
   • Awareness materials and other records
   • Evidence of competence

16. Monitor the ISMS
   Resources:
   • Objective and Key Results (OKRs)
   • BCP and DRP. Failure and Recovery Metrics
   Outputs:
   • List of objectives, KPIs and metrics
   • ISMS monitoring, measurement, analysis and evaluation reports

17. Audit the ISMS
   Resources:
   • Guidelines for ISMS auditing (mindmap)
   • Internal Audit Plan (template)
   • Internal Audit Report (template)
   • Nonconformity Report (template)
   • List of NCs*
   • Audit Meetings Checklist
   • ISO 19011:2018 Guidelines for auditing management systems, Mindmap
   Outputs:
   • Internal information security audit programme and plans
   • Internal information security audit reports
   • List of Nonconformities (NCs)

18. Conduct ISMS Management reviews
   Resources:
   • ISMS Management Review Report (template)
   Outputs:
   • ISMS management review reports (MRR)
   • IS Committee meetings (Presentations and MoMs)

20. Prepare for the certification audit
   Resources:
   • ISMS Audit Preparation Checklist (short template)
   • ISMS Overview (presentation)
   • Recommendations*
   Outputs:
   • Request for proposal (RFP)
   • List of ISMS documents (updated)
   • Organization Chart

* Soon