ISO 27000 - Starting from Scratch for a Smallish Law Firm

#1
Greetings fellow Covers,

I'm beginning a new job at a law firm. Right now, we are small but we have big clients and I think it would add some value to start working towards IT security standards. But I have no idea where to start. For my last job, I walked into an ISO 13485, ISO 9001 certified organization.

Any help is appreciated.

Thanks and best,

supadrai
#2
Hello supadrai,

Well, there's a lot of work to do, my friend. Let's first grab a copy of (1) ISO/IEC 27001, which specifies the requirements for information security management systems, and (2) ISO/IEC 27003:2017, which is the guideline for implementing an information security management system in accordance with ISO/IEC 27001 requirements.

Apart from the above-mentioned, I would personally suggest that you start by wrapping your head around the very basic idea of information security management:

1. Identify and evaluate risks to the security of information.
2. Identify and employ controls to reduce/mitigate each risk.
3. Monitor, evaluate and improve the effectiveness of the controls used to reduce the risks to your company's security of information.

Please let me know if this begins to answer your question, and I will be available for any additional questions you may have.
 
#4
And before you even do that, decide what information you need to keep secure. Then, once you have that understanding, you can look at risks.
Yes absolutely, this is maybe the most important part for determining both risk level and controls to be implemented.
 