
G2 Consulting

ISMS Implementation

• ISMS implementation and certification process flowchart v4.1 - a
• ISMS implementation and certification overview presentation v2
• ISMS information risk management process flowchart describes the information risk management activities,
• List of ISO27k standards

ISMS governance, management & implementation


• ISMS implementation project estimator - a tool to estimate the timescale needed to implement an ISMS.
• ISMS implementation plan - a skeleton or starter plan for you to expand and amend to suit your situation.
• ISMS implementation tracker - a combined status tracker for the mandatory ISMS and optional security controls in ISO/IEC 27001:2013, Statement of Applicability and Gap Analysis, used to track progress of the ISMS implementation project towards certification and beyond.
India: C 905 Krishna Appra Saphire, Vaibhav Khand, Indirapuram. Ghaziabad. UP. India . 1
No. 16, First Floor, 70 Hansraj Kamshi Building, Y M Road, Masjid Bunder, West Mumbai, India
UAE: Spark International FZE, PO Box 16111, RAK FTZ, RAK-UAE.
Algeria: No: 2 Etage Batimet Billayat, Cite Eyalarsa, SETIF, ALGERIA.

• ISMS mandatory documentation checklist - a detailed and explicit guide to the documentation and records formally required or recommended for certification against ISO/IEC 27001.
• Generic ISO27k ISMS business case template v2 outlines the benefits and costs typically associated with an ISO27k ISMS for an investment or implementation project proposal or budget request.
• ISO27k security awareness presentation v2 contributed by
• Agenda for ISMS Management Review meeting
• ISO27k information security program maturity assessment tool c

Model information security policies


• High level overall ISMS policy contributed by K. Faisal Javed.
• Change management and control policy contributed by a generous donor.
• Information classification policy contributed by Michael Muehlberger.
• Malware policy
• Outsourcing security policy
• Security awareness and training policy

ISMS procedures, guidelines and other supporting documents

• Corrective action procedure
• Corrective/preventive action record form
• Data restoration form
• FMEA risk analysis spreadsheet
• GDPR-ISO27k mapping - since privacy, compliance, information risk and information security overlap, it makes sense to use an ISO27k ISMS to achieve and maintain compliance with the EU General Data Protection Regulation -
• Information asset inventory
• Information classification matrix
• Information risk register v2
• Information security controls cross-check

• Introductory email introducing the ISMS implementation project and initial gap analysis/business impact analysis work to managers.
• ISMS auditing guideline v2
• ISMS internal audit procedure v3
• Preventive action procedure

• Statement of Applicability (SoA)

• ISMS-related job descriptions/roles and responsibilities

• Organization of information security
• Generic infosec-related job descriptions
• RASCI table v5 allocates roles and responsibilities associated with the security controls in ISO/IEC 27002,
• Roles and responsibilities for contingency planning contributed
• Roles and responsibilities for information asset management
