CHAPTER 7: IMPLEMENTATION

The seventh step deals primarily with the implementation of the risk treatment plan – putting in place the selected information security controls. The technical aspects of control implementation, such as reconfiguring firewalls, implementing boot-level encryption on laptops, segregating networks and meeting Data Protection Act 2018 (GDPR) or PCI DSS compliance requirements, all depend in the first instance on the competence of those charged with the implementation.

As such, the focal point of this step is the competence of those in the information security team and of others across the organisation who will be responsible for documenting processes, communicating changes to processes and controls, and managing staff awareness, ...

Get Nine Steps to Success - An ISO 27001:2022 Implementation Overview now with the O’Reilly learning platform.
