Implementation Roadmap
<1 Month
Assess Gaps
Optimally scoping and understanding the current gap between the desired and current state are integral to appropriately allocating the resources (personnel, third party support, expenditures, and time) necessary to ensure the project achieves objectives on time and on budget.
1-3 Months
Shared Assessment
Same functionality as Gap Assessment except produces a Shared Assessment worksheet that may be accepted as interim attestation by clients.
Develop & Execute the Roadmap
Operate the Environment
Assess efficacy of environment, monitor the ISMS, tune controls accordingly, and accumulate audit evidence for attestation and certification.
Certify
While there are many significant advantages to implementing 27001, most notably demonstrably reducing risk and simplifying Information Security, for most entities certification is the most important.
3-18 Months
Respond to Incidents
1-12 Months
Pre-Certification Audit
"Friendly" pre-audit structured in accordance with certification audit (Tabletop Review then Compliance Review).
Certification Audit
27001 Certification Audit conducted by Certification Body resulting in issuance of ISO 27001 Certificate.
and Beyond
For consulting on ISO 27001, visit us at www.pivotpointsecurity.com or call 1.888.PIVOTPOINT (888.748.6876)