ISO 27001: A Love-Hate Story about Security Documentation

It is not easy to design an information security management system (ISMS) that supports a mass of policies, procedures, and instructions. It is always a big challenge for technical people (but it will be easier for you after reading this article 🤣).


The world and market needs are changing, so it is time to completely transform the way certification is commonly approached.

Here are some topics covered in this article:

  • Start with the simplest: define ISMS scope

  • Create a plan

  • Engage stakeholders

  • Think about ISO 27001 implementation like a project

Today we do not want to discuss general points about the importance of information security documentation, such as the plan-do-check-act (PDCA) principle.

Keep calm, let’s start now!

Define ISMS scope


First, review the company's organizational structure, if one exists. There should be a defined place in it for an IT Security and Compliance team. Ensure this team is separated from other departments, including IT, so that there is no conflict of interest: the team that writes and audits the controls should not report to the people it is checking.

Then, list all the products and services your company provides. Hold a brainstorming interview with management and the heads of departments to make sure nothing is missed.

Now it is time to describe your IT infrastructure in detail. Get in touch with the IT team to do this; the result is the asset inventory that defines what is in scope.

Create a plan

There are many ways to develop a plan to implement the ISO 27001 controls, but we built a fully customizable Kanban board designed around the ISO 27001 requirements.

Your next step is to list all required security policies and procedures. Set the deadlines and assign the responsible officers. Ensure that all process owners are engaged: the document development process should involve every department, and it is not something that should be done by one person.

Think about ISO 27001 implementation like a project

It is our firm belief that the vast majority of people find the certification process boring and draining. But we created a simple and customizable solution to do it with fun and pleasure!

Implementing ISO 27001 controls can be a fun game!

Using an agile methodology to achieve an information security certification is a trusted approach that works for a company of any size.