
Project proposal for ISO 27001:2013 implementation
Subtitle or presenter

Content
• Reasons for implementation
• Purpose of the project
• Benefits of an ISMS
• Implementation details
• Milestones
• Resources
• Deliverables

6/13/2017 Copyright ©2015 27001Academy. All rights reserved.

Reasons for implementation (1/2)
Primary reasons:
• Improve interested parties’ trust by assuring compliance with their requirements
• Improve marketing edge (image and credibility) by attaining certification to ISO 27001
• Reduce expenses related to information security incidents
• Improve internal organization by better defining responsibilities and duties

Reasons for implementation (1/2)
• Marketing edge
• Compliance
• Optimizing business processes
• Lowering the expenses

Reasons for implementation (2/2)
Secondary reasons:
• Integrate information security into business processes for better alignment
• Improve decisions by basing them on data from the information security management system
• Create a culture of continual improvement of information security
• Improve employee and other interested parties’ engagement in information security improvement

The purpose of the project
What do we want to achieve?
• Gain ISO 27001 certification by [date] through:
– Defining the ISMS framework
– Identifying the current risk scenario
– Selecting and implementing proper security controls
– Providing proper awareness, training, and education to the users
– Providing relevant information to management for the first critical review of the ISMS for continual improvement
– Selecting the proper certification body to certify the system

Implementation details
• Project manager: [insert name]
• Project sponsor: [insert name]
• Project duration: [insert number of months]

Milestones
Milestone | Due date
Initiation |
Planning |
ISMS framework |
Risk assessment |
Implementation |
Internal Audit |
Management Review |
Corrective Actions |
Certification Audit |
Continual Improvement Setup |

Resources (1/2)
Human resources
• Internal resources – [list internal resources, e.g., group name]
• External resources – [list external resources, e.g., consulting company]
Technical resources
• Tool – [Tool name]
• Equipment – [list equipment needed]

Resources (2/2)
Financial resources
• Amount: [define amount of money needed to finish the project]
• Cost types: [split costs according to the cost type and include all resources listed here, e.g., human resources – internal and external, technical, and other resources]
Other resources
• Documentation templates

Deliverables
• ISMS General requirements documents
• ISMS related documents defined by the organization (e.g., documents for security controls)
• Definition of risk assessment methodology and organization’s risk profile
• Measurement, analysis, and improvement processes

Project proposal for ISO 27001 implementation
Presenter’s name