
Thread: Re: Re: Re: ISMS implementation




user name
2007-04-16 07:10:35
Hi,
I'm not sure whether you are looking for a project plan or the
various phases that need to be designed and completed for
the successful ISMS implementation. To my knowledge the
following are the phases of activities that could be carried
out for the ISMS implementation:
1. Defining the SCOPE of ISMS;
2. Conducting the control based Risk Assessment;
3. Creation of Information Asset Register (Information Asset
Profiling);
4. Conducting the Risk Assessment;
5. Coming out with the Risk Treatment Plan (RTP);
6. Converting the RTP into Implementation Roadmap by
defining the roles & responsibilities and efforts
required for risk treatment;
7. Development of Security Policies, Procedures, Standards,
Checklists, and supporting templates;
8. Design of secure network architecture, as applicable;
9. Rollout of the developed policies, procedures, checklists
and templates;
10. Sustain the rolled out phase and observe the
sustenance;
11. Conduct Internal Audit and identify the
non-conformance(s);
12. Prepare the Corrective and Preventive Action plan for
the identified non-conformance(s);
13. Implement the plan prepared in step 12;
14. Give some time to sustain the process and conduct the
second Internal Audit; and
15. Now, depending on the internal audit report, you should
be able to figure out whether you are ready for the
certification audit and accordingly you can get in touch
with the certifying agency and go for the final assessment.

Should you need more clarification, feel free to get back to
me.

Regards,
Gaurav
gaurav79gmail.com  | +91-9873198236
