Time Required to Implement ISO 27001 if ISO 9001 certified & SOX compliant?


LAF1017

My company is looking at implementing 27001 to meet customer requirements in India. We are currently ISO 9001 certified and SOX compliant. My employee count is around 650. What has been the forum's time and effort experience with the 27001 implementation?
 

AndyN

Moved On

Hello and welcome to the Cove. Your answer is going to be very dependent upon the scope of your ISMS. You certainly can save some time in not having to create the management systems aspects of ISO 27001, which are heavily leveraged from similar (sometimes identical) ISO 9001 requirements.

The rest of the work is going to be dependent on the scope (as mentioned) of the ISMS - what's the focus of implementation, what controls are identified as being applicable (from Annex A) and how broad their application is across the business. So, it's going to require the boundaries (scope) of the ISMS to be defined before anything else is done. From that, a work plan/assignments can be drawn up and a time estimate made from that in turn.
 

Randy

Super Moderator
As Andy said, there isn't any magic potion or formula; it will take what it will take.
 

Richard Regalado

Trusted Information Resource

Hello LAF1017. My experience back in '03 for a BPO with 4,500 employees, certified to ISO 9001 and HIPAA and SOX compliant, is 6 months for full deployment of what was then BS 7799 (precursor to ISO 27001).

That company is SPi Global (http://www.spi-global.com/) and one of the key ingredients in the implementation process is their Quality Division. All 10 or more quality analysts actively assisted my team of 3 consultants in the risk management, documentation and internal auditing efforts.
 