
    ISO 27001 & ISO 22301 Blog

    Main obstacles to the implementation of ISO 27001

    You have this great idea that ISO 27001 will help you achieve compliance, attract new customers, decrease the cost of incidents, and streamline your core IT processes? The idea is nice, but when it comes to implementation, things get complicated.

    First you would have to convince your management (if you are not in top management yourself) that ISO 27001 is really needed in your company. Management is usually overloaded with other commitments and deadlines, and it is not likely that they would want to take on another project to worry about.

    Even if management is eager to do something about information security, the second question arises – how to finance it? At first sight, it may seem that “this paperwork shouldn’t cost too much”, but soon you realise that you have to pay for the consultant, buy literature, train your employees, invest in software and equipment, pay for certification etc.

    But let’s say that by some miracle you find the money for it, and then the third question arises: who will actually do it? If you have a frank consultant, he or she will tell you that it is not enough for a consultant to provide you with templates of the documentation; you must work really hard to customize the documentation to your situation. But it doesn’t stop here – the consultant will also tell you that you actually have to do precisely what the documentation (and the standard) tell you to do. And it is a permanent obligation, not a one-time job.

    So you go to your colleagues and ask them how you would divide the job of implementing and running ISO 27001, and suddenly they start talking about something else. Even worse, you might ask management to employ an Information Security Manager who, because of the shortage of such people on the market, does not work for small sums.

    So, you end up being appointed project manager for ISO 27001, with a small or almost non-existent budget, a team that does not really want to bother with information security, and management that wants the certificate as soon as possible once the project has started.

    Are you still interested in ISO 27001?

    To overcome most common problems with the ISO 27001 implementation, check out the Conformio compliance software.

    Dejan Kosutic, Advisera
    Dejan holds a number of certifications, including Certified Management Consultant, ISO 27001 Lead Auditor, ISO 9001 Lead Auditor, and Associate Business Continuity Professional. Dejan leads our team in managing several websites that specialize in supporting ISO and IT professionals in their understanding and successful implementation of top international standards. Dejan earned his MBA from Henley Management College, and has extensive experience in investment, insurance, and banking. He is renowned for his expertise in international standards for business continuity and information security – ISO 22301 & ISO 27001 – and for authoring several related web tutorials, documentation toolkits, and books.