How to use the ISO 9001 standard to make your ISO 27001 implementation less painful.
You have already implemented ISO 9001, or you are planning to implement both ISO 9001 and ISO 27001.
In 90% of cases ISO 9001 can save up to 33% of the time needed for ISO 27001 implementation.
2010 Information Security & Business Continuity Academy www.iso27001standard.com
ISO 27001 is much more similar to ISO 9001 than it may seem at first sight!
Agenda
Similarities
Differences
Implementation issues & roles
Top management issues
Implementing both standards
Certification
Greatest challenges with ISO 27001
[Figure: Plan-Do-Check-Act (PDCA) cycle - Plan, Do, Check, Act]
Similarities
Process approach
4 mandatory procedures
Human resources management
Internal audits
Management review
Setting the objectives and measuring
ISO 27001 Annex A exclusions are possible
Differences
ISO 9001: Quality manual; Customer complaints
ISO 27001: Risk assessment; Statement of Applicability; Security incidents
Implementation issues
Integrate ISMS and QMS in one single management system
For ISO 9001 clause 6.3 (Infrastructure) use ISO 27001
PAS 99 Integrated Management
Do not merge Quality Policy and ISMS Policy
Roles
QMS management representative
CISO (Chief Information Security Officer)
Project team
Top management / sponsor
Certification
Conclusion
ISO 27001 and ISO 9001 have a very similar core management system
ISO 9001 is a very good foundation for ISO 27001 implementation
Get your management buy-in for ISO 27001!
Q&A
Dejan Kosutic
Thank you!
www.iso27001standard.com