
    Where to start from with ISO 27001

    If you’re just starting to learn about ISO 27001, or you were given the task to implement this cybersecurity standard and you do not have much experience, you’re probably wondering what to do first.

    To help you find your way, we created this list of useful materials from 27001Academy, which will enable you to learn what needs to be done.

    Materials to get you started

    Here are a few materials that will help you understand what ISO 27001 is all about, and give you some simple tips on where to start:

    Risk management materials

    If you have already started your implementation, you probably realized that the most complex step in the implementation is the risk assessment and treatment. Here are a few materials you’ll find useful:

    Security controls (safeguards)

    Although ISO 27001 is not a technical standard, it does provide a catalogue of 114 controls that you should consider implementing to mitigate potential incidents. Here are some materials that will give you more insight into these controls:

    ISO 27001 - Where to start: Most important materials

    Writing the documentation

    Writing policies and procedures is usually the hardest part for most people. Here are a few materials that will help you get started:

    Setting up an ISO 27001 project

    Because ISO 27001 is a rather complex standard, you need to make sure that you can complete the project successfully. Here are a few materials on how to prepare and organize the implementation project:

    So, yes, ISO 27001 probably sounds pretty complex at first glance – I hope we managed to clarify most of your doubts with these materials. Let us know in the comments below if you feel some other materials are needed.

    Probably the best overview of ISO 27001 is in this free online training: ISO 27001:2013 Foundations Course.

    Dejan Kosutic
    Dejan holds a number of certifications, including Certified Management Consultant, ISO 27001 Lead Auditor, ISO 9001 Lead Auditor, and Associate Business Continuity Professional. Dejan leads our team in managing several websites that specialize in supporting ISO and IT professionals in their understanding and successful implementation of top international standards. Dejan earned his MBA from Henley Management College, and has extensive experience in investment, insurance, and banking. He is renowned for his expertise in international standards for business continuity and information security – ISO 22301 & ISO 27001 – and for authoring several related web tutorials, documentation toolkits, and books.