Implementing ISO/IEC 27001 Information Security Management

Step 2 of 3: Implementation

We have great resources and support services to help you to start implementing ISO/IEC 27001 into your business.

You need to:

  • Complete the optional BSI ISO/IEC 27001 self-assessment questionnaire to evaluate how much of the work you’ve completed to meet certification requirements and what is still left to do
  • Ensure your organization understands the principles of ISO/IEC 27001, the roles individuals they’ll need to play and review your activities and processes against the standard

We help you to:

  • Develop the knowledge and skills to implement the standard at one of our implementation training courses.

  • Understand where your information security management system still needs work in order to be certified, book an optional BSI gap assessment
  • Consider using BSI Connect to support with implementation


Top tips for implementing ISO/IEC 27001

  1. Get commitment and support from senior management
  2. Engage the whole business with good internal communication
  3. Compare existing information security management with ISO/IEC 27001 requirements
  4. Get customer and supplier feedback on current information security
  5. Establish an implementation team to get the best results
  6. Map out and share roles, responsibilities and timescales
  7. Adapt the basic principles of the ISO/IEC 27001 standard to your business
  8. Motivate staff involvement with training and incentives
  9. Share ISO/IEC 27001 knowledge and encourage staff to train as internal auditors
  10. Regularly review your ISO/IEC 27001 system to make sure you are continually improving it