Agile ISO 27001 ISMS Implementation
By:
Spike Reply
The advance of agile working methods is ubiquitous in a wide variety of industries. At the same time, the increasing importance of security standards such as ISO/ICE 27001 and certifications based on them is indisputable. Many companies are currently implementing agile transformation not only in IT departments, but across the entire enterprise. It is important to adapt compliance and security processes to the changing environment. Reconciling both trends is therefore in the interest of many companies. Is it possible to meet the requirements of governance and compliance and at the same time rely on agile and lean processes and documentation? We say yes!
Overview
Our approach combines risk and compliance management with agile methods and processes. Our offering includes an analysis and roadmap for building (or adapting) an ISMS that enables agile methodologies and lean processes. The goal of our approach is to enable all employees in the organization to work with the ISMS, internalize security measures and build a security mindset.
To this end, our Spike Reply GRC and Agile coaches analyze organizational processes and help create an ISMS design with special attention to usability and the implementation of lean and agile tools as well as processes. Our support includes scope definition, tooling advice, and high-level process design. Depending on your requirements, we will be happy to provide you with an individual offer for the implementation of the designed ISMS. After implementation, we support you in audit preparation and unassisted operation of the ISMS.
Our approach
Our approach comprises five modules. Only the first two modules are necessary for the assessment, the GAP analysis and the design of an ISMS to be implemented. The implementation of the ISMS and the preparation for the auditing of the ISMS can be found in the following modules. Another module serves the continuous improvement as well as the operation of the implemented ISMS. The duration of each module depends on the scope of the ISMS, the size of the organization as well as the complexity of the processes.
Module 1: ISMS assessment and GAP analysis
· ISMS assessment of the company's structure, processes and working methods
· GAP analysis for the ISO standard
Module 2: Design phase
· Definition of the ISMS target image and the scope of application
· Evaluation of suitable tools for the implementation as well as the operation of the ISMS
· High-level process design according to best practices
Module 3: Implementation phase
· Creation of all documents required for audit
· Establishment of new processes
· Automation of processes, if applicable
Module 4: Audit preparation
· Making the ISMS known to all employees
· Training for handling
· Enabling the client to operate the ISMS independently
Module 5: Continuous improvement and operation of the ISMS
· Iterative and continuous improvement
· Evaluation of processes; analysis of key figures
· Establishment of processes and requirements in the corporate culture
Deliverables
Module 1: ISMS assessment and GAP analysis
· Assessment Report with GAP analysis
Module 2: Design phase
· Lean-designed ISMS
· Roadmap to implement ISMS
· Documented high-level processes
Module 3: Implementation phase
Module 4: Audit preparation
Audit readiness
Module 5: Continuous improvement and operation of the ISMS
Fully implemented and adopted ISMS
Single point of truth and continuous availability
| Sold by | Spike Reply |
| Categories | |
| Fulfillment method | Professional Services |
Pricing Information
This service is priced based on the scope of your request. Please contact seller for pricing details.
Support
For further questions regarding Spike Reply and our AWS Professional Service offerings, please contact us at spikedigital.de@reply.de