Advertisement
opexxx

ISMS_implementationplan

Dec 25th, 2022
81
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 3.36 KB | None | 0 0
  1. 1 S 1. Management Support
  2. 2 T Outline business case
  3. 3 T Present business case
  4. 4 M Management support is obtained
  5. 5 T Initiate project
  6. 6 T Plan project
  7. 7 S 2. Determine Scope
  8. 8 T Determine external issues
  9. 9 T Determine internal issues
  10. 10 T Identify external interested parties
  11. 11 T Identify internal interested parties
  12. 12 T Identify requirements of interested parties
  13. 13 T Determine preliminary scope
  14. 14 T Determine refined scope
  15. 15 T Determine final scope
  16. 16 T Document final scope
  17. 17 T Approve final scope
  18. 18 M Scope is approved
  19. 19 S 3. Define Information security policy
  20. 20 T Determine information security objectives
  21. 21 T Write information security policy
  22. 22 T Publish information security policy
  23. 23 S 4. Inventory of assets
  24. 24 T Identify primary assets
  25. 25 T Identify supporting assets
  26. 26 T Map primary and supporting assets
  27. 27 T Identify asset owners
  28. 28 T Develop information classification policy
  29. 29 T Classify assets
  30. 30 T Develop procedures for information labelling
  31. 31 T Label assets
  32. 32 T Document asset inventory
  33. 33 S 5. Risk Management Methodology
  34. 34 T Define information security risk criteria
  35. 35 T Define information security risk acceptance criteria
  36. 36 T Approve information security risk acceptance criteria
  37. 37 T Define information security risk assessment process
  38. 38 T Define information security risk treatment process
  39. 39 S 6. Information security risk assessment
  40. 40 S Risk identification
  41. 41 T Identify threats
  42. 42 T Identify existing controls
  43. 43 T Identify vulnerabilities
  44. 44 T Identify consequences (impact)
  45. 45 S Risk analysis
  46. 46 T Assess consequences (impact)
  47. 47 T Assess likelihood
  48. 48 T Determine risk level
  49. 49 S Risk evaluation
  50. 50 T Evaluate risks
  51. 51 M Risk assessment is completed
  52. 52 S 7. Information security risk treatment
  53. 53 T Select risk treatment options
  54. 54 T Determine controls
  55. 55 T Produce Statement of Applicability (SoA)
  56. 55 T Formulate risk treatment plan
  57. 56 T Obtain approval for risk treatment plan
  58. 57 M Risk treatment plan is approved
  59. 58 T Implement risk treatment plan
  60. 59 T Update Statement of Applicability (SoA)
  61. 60 M Risk treatment plan is implemented
  62. 61 S 8. Performance Evaluation
  63. 62 S Monitoring
  64. 63 T Identify information needs
  65. 64 T Create and maintain measures
  66. 65 T Establish procedures
  67. 66 T Monitor and measure
  68. 67 T Analyse results
  69. 68 T Evaluate information security performance
  70. 69 T Evaluate ISMS effectiveness
  71. 70 T Document results
  72. 71 S Internal audit
  73. 72 T Establish audit programme objectives
  74. 73 T Determine audit programme risks and opportunities
  75. 74 T Evaluate audit programme risks and opportunities
  76. 75 T Establish audit programme
  77. 76 T Implement audit programme
  78. 77 T Conduct internal audits
  79. 78 T Report audit results
  80. 79 S Management review
  81. 80 T Review reporting of the performance of the ISMS
  82. 81 T Provide results of management review
  83. 82 S 9. Improvement
  84. 83 T Identify nonconformities
  85. 84 T Review nonconformities
  86. 85 T Perform root cause analysis
  87. 86 T Determine corrective actions
  88. 87 T Plan corrective actions
  89. 88 T Inplement corrective actions
  90. 89 T Assess corrective actions
  91. 90 M ISMS is compliant
  92. 91 S 10. Certification audit
  93. 92 T Contact certfication bodies
  94. 93 T Request proposals
  95. 94 T Review proposals
  96. 95 T Select certification body
  97. 96 T Sign engagement letter
  98. 97 T Schedule stage 1 audit
  99. 98 T Undergo stage 1 audit
  100. 99 T Schedule stage 2 audit
  101. 100 T Undergo stage 2 audit
  102. 101 M ISMS is certified
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement