    Agile ISO 27001 ISMS Implementation

    Agile working methods are advancing in a wide variety of industries. At the same time, the increasing importance of security standards such as ISO/IEC 27001, and of certifications based on them, is indisputable. Many companies are currently implementing agile transformation not only in IT departments, but across the entire enterprise. Compliance and security processes have to be adapted to this changing environment, so reconciling both trends is in the interest of many companies. Is it possible to meet the requirements of governance and compliance and at the same time rely on agile and lean processes and documentation? We say yes!

    Overview

    Our approach combines risk and compliance management with agile methods and processes. Our offering includes an analysis and roadmap for building (or adapting) an ISMS that enables agile methodologies and lean processes. The goal of our approach is to enable all employees in the organization to work with the ISMS, internalize security measures and build a security mindset.

    To this end, our Spike Reply GRC and Agile coaches analyze organizational processes and help create an ISMS design with special attention to usability and the implementation of lean and agile tools as well as processes. Our support includes scope definition, tooling advice, and high-level process design. Depending on your requirements, we will be happy to provide you with an individual offer for the implementation of the designed ISMS. After implementation, we support you in audit preparation and unassisted operation of the ISMS.

    Our approach

    Our approach comprises five modules. Only the first two modules are needed for the assessment, the GAP analysis and the design of the ISMS to be implemented. The following modules cover the implementation of the ISMS and the preparation for its audit. A further module covers continuous improvement and operation of the implemented ISMS. The duration of each module depends on the scope of the ISMS, the size of the organization and the complexity of the processes.

    Module 1: ISMS assessment and GAP analysis

    ·      ISMS assessment of the company's structure, processes and working methods

    ·      GAP analysis for the ISO standard

    Module 2: Design phase

    ·      Definition of the ISMS target image and the scope of application

    ·      Evaluation of suitable tools for the implementation as well as the operation of the ISMS

    ·      High-level process design according to best practices

    Module 3: Implementation phase

    ·      Creation of all documents required for audit

    ·      Establishment of new processes

    ·      Automation of processes, if applicable

    Module 4: Audit preparation

    ·      Making the ISMS known to all employees

    ·      Training in handling the ISMS

    ·      Enabling the client to operate the ISMS independently

    Module 5: Continuous improvement and operation of the ISMS

    ·      Iterative and continuous improvement

    ·      Evaluation of processes; analysis of key figures

    ·      Establishment of processes and requirements in the corporate culture

    Deliverables

    Module 1: ISMS assessment and GAP analysis

    ·      Assessment Report with GAP analysis

    Module 2: Design phase

    ·      Lean-designed ISMS

    ·      Roadmap to implement ISMS

    ·      Documented high-level processes

    Module 3: Implementation phase

    Module 4: Audit preparation

    ·      Audit readiness

    Module 5: Continuous improvement and operation of the ISMS

    ·      Fully implemented and adopted ISMS

    ·      Single point of truth and continuous availability

    Highlights

    • An experienced team of GRC experts and Agile Coaches advises you on the design and implementation of an ISMS
    • Simplification and adaptation of company processes to the requirements of ISO 27001
    • Fast implementation through iterative and parallel design and implementation

    Details

    Delivery method

    Pricing

    Custom pricing options

    Pricing is based on your specific requirements and eligibility. To get a custom quote for your needs, request a private offer.

    Legal

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Support

    Vendor support

    For further questions regarding Spike Reply and our AWS Professional Service offerings, please contact us at spikedigital.de@reply.de