Prepare for your project
- Decide whether you are going to use consultants or you will be using documentation templates
  Commented [DK3]: Read this article: 5 criteria for choosing an ISO 27001/ISO 22301 consultant http://blog.iso27001standard.com/2013/03/25/5-criteria-for-choosing-a-iso-22301-iso-27001-consultant/
- Purchase the ISO 22301 standard
  Commented [DK4]: See ISO 22301 Documentation Toolkit: http://www.iso27001standard.com/en/services/bs-25999-documentation-toolkit
- Educate your project team
  Commented [DK5]: Read this article: How to learn about ISO 27001 and BS 25999 http://blog.iso27001standard.com/2010/11/30/how-to-learn-about-iso-27001-and-bs-25999-2/
- Write the project plan including the definition of project manager, project team, project sponsor, required

- Write procedure for corrective action
  Commented [DK12]: Read this article: Practical use of corrective actions for ISO 27001 and ISO 22301 http://blog.iso27001standard.com/2013/12/09/practical-use-of-corrective-actions-for-iso-27001-and-iso-22301/

Identify risks of disruptive incidents
- Develop the risk assessment methodology
  Commented [DK13]: Read this article: How to organize initial risk assessment according to ISO 27001 and ISO 22301 http://blog.iso27001standard.com/2014/04/29/how-to-organize-initial-risk-assessment-according-to-iso-27001-and-iso-22301/
- Perform risk assessment
  Commented [DK14]: See this webinar: The basics of risk assessment and treatment according to ISO 27001 http://www.iso27001standard.com/en/webinars/iso27001-risk-assessment-and-treatment-the-basics-free-webinar

Identify continuity priorities and objectives
- Develop business impact analysis methodology
  Commented [DK15]: Read this article: Five Tips for Successful Business Impact Analysis http://blog.iso27001standard.com/2010/06/10/five-tips-for-successful-business-impact-analysis/
- Perform business impact analysis questionnaires
  Commented [DK16]: Read this article: How to implement business impact analysis (BIA) according to ISO 22301 http://blog.iso27001standard.com/2013/12/03/how-to-implement-business-impact-analysis-bia-according-to-iso-22301/

Determine priorities, required resources and mitigation
- Business continuity strategy
  Commented [DK17]: Read this article: Can business continuity strategy save your money? http://blog.iso27001standard.com/2010/03/15/can-business-continuity-strategy-save-your-money/
- Risk treatment plan
- Preparation plan

Define business continuity procedures
- Business continuity plan(s)
  Commented [DK18]: Read this article: Business continuity plan: How to structure it according to ISO 22301 http://blog.iso27001standard.com/2012/09/24/business-continuity-plan-how-to-structure-it-according-to-iso-22301/
- Incident response plan(s)
- Recovery plan(s)
  Commented [DK19]: Read this article: How to write business continuity plans? http://blog.iso27001standard.com/2010/04/08/how-to-write-business-continuity-plans/
- Transportation plan(s)
- Communication procedure(s)

Perform training and awareness programs
- Training and awareness plan
  Commented [DK20]: Read this article: How to perform training & awareness for ISO 27001 and ISO 22301 http://blog.iso27001standard.com/2014/05/19/how-to-perform-training-awareness-for-iso-27001-and-iso-22301/
- Perform training for all employees who lack required skills
Corrective actions
Project Checklist for ISO 22301 ver [version] from [date] Page 2 of 3

Measure the BCMS
- Measure if you have achieved the objectives set for your BCMS
- Perform internal audit(s)
  Commented [DK21]: Read this article: How to make an Internal Audit checklist for ISO 27001 and ISO 22301 http://blog.iso27001standard.com/2013/11/25/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/
- Write an internal audit report

Perform management review
- Perform management review
  Commented [DK22]: Read this article: Why is management review important for ISO 27001 and ISO 22301? http://blog.iso27001standard.com/2014/03/03/why-is-management-review-important-for-iso-27001-and-iso-22301/
- Maintain records from management review

Certification audit
- Obtain proposals from several certification bodies
  Commented [DK23]: See this webinar: ISO 27001/ISO 22301: The certification process http://www.iso27001standard.com/en/webinars/iso-27001-bs-25999-2-the-certification-process
- Select the certification body
  Commented [DK24]: Read this article: How to choose a certification body http://blog.iso27001standard.com/2013/09/16/how-to-choose-a-certification-body/
- Stage 1 certification audit
- Stage 2 certification audit
  Commented [DK25]: Read this article: How to approach an auditor in a certification audit http://blog.iso27001standard.com/2013/11/18/how-to-approach-an-auditor-in-a-certification-audit/
- Surveillance visits
  Commented [DK26]: Read this article: Surveillance visits vs. certification audits http://blog.iso27001standard.com/2012/11/05/surveillance-visits-vs-certification-audits/