The seventh of the nine steps deals primarily with the implementation of the Risk Treatment Plan—putting in place the selected information security controls. The technical aspects of control implementation—re-configuring firewalls, implementing boot-level encryption on laptops, segregating networks, meeting DPA or PCI compliance requirements, and so on—all depend in the first instance on the competence of those charged with their implementation.

The focal point of this step is the competence of those in the information security team, as well as of others across the organization who will be responsible for documenting processes, for communicating changed processes and controls across the organization, and for staff awareness, ...