Streamline ISO 27001 Implementation: Reducing the Time and Effort Required for Compliance
01 January 2006
Recent regulatory developments such as Sarbanes-Oxley, Basel II, and the requirements defined by other national regulatory agencies have added pressure on many entities regarding how they manage their internal security. A typical company faces frequent audits from external and internal auditors, industry or government regulators, the payment card industry, and insurance company vendors. Meeting the requirements of all these audiences adds to the complexity of operating the security function and frequently means holding the same meeting with four or five separate auditors.

One option available to most entities is to implement an international standard and achieve accreditation against it. One well-known and recognized standard available for certification is ISO/IEC 27001:2005 (referred to here as ISO 27001). Currently there are 2,300 [1] entities certified worldwide.

For companies with a mature security environment, implementing an ISO standard is not an easy choice: it means changing some existing policies to fit the standard, and it also requires modifying procedures the company already follows. For companies embarking on a new security plan the challenge is different; they need to define, deploy and manage a set of rules from the ground up. This article covers some of the common pitfalls of deploying a security program, along with shortcuts and ideas to streamline an ISO 27001 implementation.