How to implement ISO 27001 a step by step guide

Let me show you for free how to implement ISO 27001 in this step by step guide so you can do it yourself. Whether you are an information security professional or a business looking to save money, the process is the same. Simple and straightforward.

These ISO 27001 videos are designed to help people like yourself who want to learn how to implement ISO 27001 themselves and avoid the high costs associated with hiring an expert. I show you step-by-step what needs to be done in order for your organization become ISO 27001 compliant and get ISO 27001 certified.

Everything you need to do it yourself is in the ISO 27001 Toolkit. The knowledge and training is free.

You can see exactly how I did it and apply those same techniques in your own organization. It’s easy, fast, and doesn’t require any special skills or knowledge on your part – just follow along with me as I explain everything from start to finish! This is the best way possible of getting started with ISO 27001 without having to spend thousands of dollars on consultants or other experts that will charge by the hour. You won’t find this type of information anywhere else online – only here at High Table!

Everything you need to know to get started

Start here with everything you need to know about ISO 27001 to get started. This video answers the questions that come up the most when starting and ISO 27001 implementation from how it fits, how much it costs, what the process is, what the difference with SOC 2 is, and how the implementation process will go.

The tutorials are based on the ISO 27001 Toolkit

Orientate Yourself with ISO 27001 Gap Analysis and why the ISO 27001 Toolkit as it is

Take a first look at the mapping of the standard and how the ISO 27001 toolkit meets the requirements of the standard. Understand how ISO 27001 gap analysis and ISO 27001 Internal Audit will be performed.

The ISO 27001 Standard Walkthrough Part 1

A walkthrough of the ISO 27001 Standard. Part 1 using the ISO 27001 Toolkit and years of experience to explain what the ISO 27001 standard is, what it is looking for and how you can go about satisfying it for ISO 27001 certificaiton.

The ISO 27001 Standard Walkthrough Part 2

Following on from the ISO 27001 Standard Walkthrough Part 1 we continue and finish our look at the ISO 27001 standard.

ISO 27001 Implementation

Create your organisation overview

A simple document that has information about who you are. It allows you to adapt your information security management system to meet the needs of the business and demonstrates that you have done this.

Download the Organisation Overview Template

Document Internal / External Issues and Interested Parties

Internal and external issues that affect the information security managements system are recorded and may need to be added to the risk register for risk treatment. The needs of interested parties are considered and recorded.

Download the Context of Organisation Template

Decide and document the ISO 27001 Scope

It is important to get the scope of the ISO 27001 and Information Security Management System right. Getting it wrong will cost time and money.

Download the ISO 27001 Scope Template

Record the laws and regulations that apply to your business

There are laws that govern how a business operates. You should know the laws that apply to your organisation and we review them and we record them.

Download the Legal Register Template

Document and Control Physical and Virtual Assets

If it stores, process or transmits information or data then record it in the asset register along with the required control points for assets.

Download the Physical Asset Register Template

Document and record your Data Assets

A record of the data assets is required by the standard and by many laws and regulations. Create your data asset register.

Download the Data Asset Register Template

Decide and record which ISO 27002 / Annex A Controls Apply

ISO 27002 / Annex A is a list of controls that your business should consider implementing. Decide which ones apply to you, review them and record them.

Download the ISO 27001 SOA – Statement of Applicability Template

Document what your information security management system is

There are key decisions when building the information security management system and when those decisions have been taken, record them so you can explain your information security management system clearly.

Assign Required Roles and Responsibilities

There are required roles and responsibilities as part of ISO 27001 so decide who is doing what and record that.

Show you have the competencies to run ISO 27001

Record the skills and competencies of the team and their ability to effectively run the ISO 27001 information security management system. Identify gaps and plans to close those gaps.

Download the Competency Matrix Template

Define your classification scheme

We classify data and assets and set controls and requirements based on those classifications. Take what is provided or adapt to requirements.

Download the Classification Summary Template

Write, implement and deploy your ISO 27001 policies.

We implement policies that tell people what to do and what we do for information security.

Download the ISO Policy Bundle

How to implement ISO 27001 looking to do things yourself – here are some how to’s

If you don’t use the ISO 27001 Toolkit but would rather create the documents yourself, here is where we show you how.

How to create an Organisation Overview

How to create a Context of Organisation

Defining Scope

How to create an Asset Register

How to create a Statement of Applicability

How to create an information security policy

How to create a risk register

How to build a competency matrix

How to build a third party supplier register

Shopping Cart