How to implement information security in your organisation

Hello Everyone,

If you are implementing, or planning to implement, information security under ISO 27001:2013, then this post is for you.

Here are the steps to implement information security in your organisation -

1) Find the right ISO implementation partner -

It is important to find an implementation partner who has completed multiple information security implementations at various organisations. You can also check whether your partner has implemented information security in your domain; a partner who has already implemented it in the same domain boosts confidence and provides clarity.

2) Recruit internal employees for implementation and audit -

Having experienced, ISO-certified candidates in house also helps the organisation, as they act as a checker on implementation projects.

3) Train your existing employees -

Even though you have the right implementation partner and an internal certified employee to take care of the whole process, it is actually the employees who are going to follow the policies and incorporate them into their day-to-day work. Hence everyone should be aware of the policies and of how to apply them in their everyday corporate life.

4) Information security policies should be integrated with current business processes -

Information security is never about stopping a business process; instead it helps the business grow in a secure manner and reduces business loss due to information leakages. Hence information security policies should be integrated with the business in such a way that employees don't see them as a burden; instead they should enjoy them.

5) Awareness for employees -

Employees are the ones who will actually work with the policies, hence employee awareness should be conducted extensively before implementation and also after accreditation has been obtained. You can share awareness documents by email or by conducting information security workshops.

6) Inform business partners/vendors about ISO compliance and the right to audit -

Organisation data is always shared with multiple vendors/partners in various ways, which is a huge risk and impacts your business directly. Always hold meetings with your partners/vendors at scheduled intervals and discuss information security compliance.

7) Share the internal and external audit plans with employees in advance -

Always communicate your audit plans (internal + external) to employees in advance to avoid last-minute glitches and impact on the business. Always involve your CEO or management committee.


8) Store the information security policies on the HR portal -

Employees should know where the policies are stored so that they can read them. The HR portal is the common place to keep everything related to employees. Avoid giving employees download access to the policies, as downloaded copies can be compromised.

9) Prepare action plans and checklists for all employees -

Action plans and checklists always help you and your organisation prepare, and ensure that you and your team never miss anything. Microsoft Planner and To Do might help you here.

10) Conduct regular internal audits -

Cross-auditing each other and conducting regular audits helps to improve the security and confidentiality of information in your organisation. Make sure that the findings of the internal audit are closed before going for the external Stage 1 and Stage 2 audits.


Put your comments in the feedback section and let me know if you would like to add anything.
