ISO 27001 & ISO 22301 Knowledge base

Where to start from with ISO 27001

If you’re just starting to learn about ISO 27001, or you were given the task of implementing this cybersecurity standard and you do not have much experience, you’re probably wondering what to do first.

To help you get around, we created this list of useful materials from 27001Academy, which will enable you to learn what needs to be done.

Materials to get you started

Here are a few materials that will help you understand what ISO 27001 is all about, and give you some simple tips on where to start:

Risk management materials

If you have already started your implementation, you probably realized that the most complex step in the implementation is the risk assessment and treatment. Here are a few materials you’ll find useful:

Security controls (safeguards)

Although ISO 27001 is not a technical standard, it does provide a catalogue of 114 controls that you should consider implementing to mitigate potential incidents – here are some materials that will give you more insight into these controls:

Writing the documentation

Writing policies and procedures is usually the hardest thing for most people – here are a few materials that will help you get started:

Setting up an ISO 27001 project

Because ISO 27001 is a rather complex standard, you need to make sure that you can complete the project successfully – here are a few materials on how to prepare and organize the implementation project:

So, yes, ISO 27001 probably sounds pretty complex at first glance – I hope we managed to clarify most of your doubts with these materials. Let us know in the comments below if you feel some other materials are needed.

Probably the best overview of ISO 27001 is in this free online training: ISO 27001:2013 Foundations Course.

Dejan Kosutic
Leading expert on cybersecurity/information security and author of several books, articles, webinars, and courses. As a premier expert, Dejan founded Advisera to help small and medium businesses obtain the resources they need to become certified against ISO 27001 and other ISO standards. He believes that making ISO standards easy-to-understand and simple-to-use creates a competitive advantage for Advisera's clients.

As an ISO 27001 expert, Dejan is sought out to help companies find the best way to obtain certification by eliminating overhead and adapting the implementation to the specifics of their size and industry.