Top 5 ISO 27001 implementation issues you can solve with online tools

I am pretty sure that every project comes with its own set of issues. An ISO implementation project has additional details, people, and deliverables involved, so the complexities that the project manager has to deal with could be even worse.

In this article, I will list the top five issues tied to implementing an ISO 27001 project, and then show you how to leverage online technology to overcome them.

The 5 biggest ISO 27001 implementation issues

We communicate with many customers dealing with ISO complexities and, so far, we have identified these five key issues each ISO project manager faces during the ISO 27001 project implementation:

  1. Handling a mountain of documents. There are a lot of documents, versions, reviews, and approvals that need to be digested and handled throughout the lifetime of the ISO implementation project. ISO project managers are required to understand document ownership, status, and the location of the latest versions. So, emails are out of the question, and it’s advisable to consider a strong document management system.
  2. Tracking hundreds of activities. Due to the high complexity of the ISO implementation project, naturally, there will be a lot of activities to track, discuss, and complete before the final deadline. So, there is a need for an effective way to track all the relevant tasks, communication, and statuses. Using a project management solution for this, which maps defined responsibilities to required tasks, might go a long way toward staying on top of everything and wrapping up the project on time.
  3. Dispersed communication. There will be a lot of dispersed discussions about the project, tasks, documents, and plans flying all around, which one needs to make sense of – so having all of this available all the time and in the right context is crucial. An intranet or an external communication tool (i.e., another tool) can be used.
  4. Steering implementation steps. There will be a lot of questions about what the next task will be and when it is required. So, having instructions about these steps is a necessity to prevent confusion and lost time. Some expert guidance usually helps in resolving the confusion, so there is a need to include expert advice from the very beginning of the ISO implementation project. For ISO 27001, you must consider specific guidance for developing documents, as well as functionalities to perform risk management, information security controls application, incident management, auditing, and management review.
  5. Dispersed records related to ISO management systems. If you need to look for each piece of information in several different locations, it will be very frustrating. So, keeping all relevant records in one place is very important during the lifetime of an ISO implementation project and in the post-implementation phase.

Addressing 5 ISO issues using Conformio

Addressing these five ISO implementation issues could require many tools and many people. Let’s see how an online platform, packed with a diverse set of modules and features, helps to overcome them:

  1. Built-in document management system. On Conformio, any number of documents can be uploaded, co-developed (also using a document wizard that can guide you during the process of developing mandatory and most-adopted documents), and maintained online throughout the duration of the ISO implementation project, as well as during ongoing operation. Customized document workflows can be created, and the appropriate status can be set that helps to display the document’s progress and notify the right person to handle or approve the document at the right time.

Read more on this topic in this article: What kind of Document Management System (DMS) do you need for handling ISO documents?

Figure 1. Managing documents on Conformio
  2. Effective task management system. Conformio can track and manage dozens of ISO-related tasks every day. Through a built-in Responsibility Matrix, developed with information defined during the elaboration of applicable policies and procedures, tasks can be delegated to team members to ensure accountability, and due dates with automatic reminders can be set to provide clarity regarding the project timeline and ongoing ISMS operation. On each task, you can attach a file, start a conversation, and divide it into countless subtasks, if needed.
Figure 2. Managing tasks on Conformio
  3. Smooth communication. One of the key elements of good execution is the ability to get to the right information at the right time. On Conformio, it’s possible to start a discussion with any member of the team on a specific file, and add a tag to it. Threads are recorded, so if something is missed or forgotten, it’s possible to go back to it.
Figure 3. Managing discussions on Conformio
  4. Step-by-step ISO implementation. Conformio was built around the common steps for implementation of ISO 27001, so you will have a clear and sequential set of steps to follow. Additionally, you have access to Documentation Wizards, which provide guidance and examples on how to develop required documents, so you can complete them properly and on time. This resolves any confusion about the next steps and about how to develop documents, providing sure steps forward to successful implementation of the ISO project.

See more on this topic in the article How to manage your ISO implementation through a collaborative software solution.

Managing ISO step-by-step implementation

  5. All relevant ISO records in one place. Working on the complex ISO implementation project results in a huge amount of data, feedback requests, decisions, and follow-up to be done. Conformio brings together all relevant records (e.g., risk assessment and treatment, corrective actions, incident handling, nonconformities, improvement measures, etc.) in one place, allowing you easy access and follow-up.

Having one place for all ISO-related documents, projects, tasks, and communication activities comes naturally when you deal with such project complexities and challenges. Each piece of data is put into the context of an ISO implementation project, so you don’t have to look for it elsewhere. Everything is right there – online. Even when the ISO project is successfully implemented, all data remain available for lessons learned, optimization, and next steps.

Technology gives us a much-needed edge to do more, faster and better. So, why not try it? It’s free.


Rhand Leal

Rhand Leal has more than 15 years of experience in information security, and for six years he continuously maintained a certified Information Security Management System based on ISO 27001. Rhand holds an MBA in Business Management from Fundação Getúlio Vargas. Among his certifications are: ISO 27001 Lead Auditor, ISO 9001 Lead Auditor, Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), and others. He is a member of the ISACA Brasília Chapter.