Implementing ISO 27001
ISO/IEC 27001:2013 – THE PROJECT in SIXTEEN STEPS
To implement ISO 27001, you can’t use agile. Yes, there might be ‘scrums’ and sprints, and you might define the outcomes that measure success as you write the policy, but in practical terms each step leads to the next and is a prerequisite for getting it right.
The waterfall approach, a ‘PRINCE2 lite’ if you like, is recommended if you want to demonstrate a professional approach and keep key stakeholders on board. A staged ‘waterfall’ approach with frequent opportunities for management review will maintain context and avoid pitfalls.