ISO 27000 - Starting from Scratch for a Smallish Law Firm

#1
Greetings fellow Covers,

I'm beginning a new job at a law firm. Right now, we are small, but we have big clients and I think it would add some value to start working towards IT security standards. But I have no idea where to start. For my last job, I walked into an ISO 13485, ISO 9001 certified organization.

Any help is appreciated.

Thanks and best,

supadrai
 
#2
Hello supadrai,

well, there's a lot of work to do my friend. Let's first grab a copy of (1) ISO/IEC 27001 which specifies the requirements for Information security management systems and (2) ISO/IEC 27003:2017 which is the guideline for implementing an information security management system in accordance with ISO/IEC 27001 requirements.

Apart from the above-mentioned, I would personally suggest that you start by wrapping your head around the very basic idea of information security management:

1. Identify and evaluate risks to the security of information.
2. Identify and employ controls to reduce/mitigate each risk.
3. Monitor, evaluate and improve the effectiveness of the controls used to reduce the risks to your company's security of information.

Please let me know if this begins to answer your question, and I will be available for any additional questions you may have.
 
#4
And before you even do that, decide what information you need to keep secure. Then, once you have that understanding, you can look at risks.
Yes, absolutely: this is maybe the most important part for determining both the risk level and the controls to be implemented.
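An added worked example (not from any post in this thread) that ties #4's "decide what information you need to keep secure" to the three-step loop in #2: a minimal risk register for a law firm's client files, where controls only lower the residual risk once monitoring says they actually work. The asset, threats, 1-5 scales, reduction values and the risk appetite are constructed assumptions, not figures from ISO/IEC 27001.

```python
from dataclasses import dataclass, field

# Constructed example: scope the information first (post #4), then run the
# identify-risk -> apply-control -> monitor loop (post #2). Scales and the
# appetite threshold are assumptions for illustration only.

@dataclass
class Asset:
    name: str
    classification: str  # e.g. "confidential" for client matter files

@dataclass
class Risk:
    asset: Asset
    threat: str
    likelihood: int  # 1 (rare) .. 5 (almost certain)
    impact: int      # 1 (negligible) .. 5 (severe)
    # (control name, likelihood reduction, monitoring says it is effective)
    controls: list = field(default_factory=list)

    def inherent(self) -> int:
        return self.likelihood * self.impact

    def residual(self) -> int:
        # Step 2/3: only controls with positive monitoring evidence count.
        reduction = sum(r for _, r, ok in self.controls if ok)
        return max(1, self.likelihood - reduction) * self.impact

RISK_APPETITE = 6  # assumed: anything above this still needs treatment

def treatment_plan(risks):
    """Risks still above appetite after effective controls, worst first."""
    open_items = [r for r in risks if r.residual() > RISK_APPETITE]
    return sorted(open_items, key=lambda r: r.residual(), reverse=True)

def monitor(risk, control_name: str, effective: bool) -> int:
    """Step 3: record a monitoring result for one control and recompute."""
    risk.controls = [(n, r, effective if n == control_name else ok)
                     for n, r, ok in risk.controls]
    return risk.residual()

def demo():
    """Constructed register for a small firm's most sensitive asset."""
    files = Asset("client matter files", "confidential")
    laptop = Risk(files, "lost or stolen laptop", likelihood=4, impact=5)
    laptop.controls = [("full-disk encryption", 3, True), ("asset register", 1, False)]
    phishing = Risk(files, "credential phishing", likelihood=5, impact=4)
    phishing.controls = [("MFA on email", 3, True)]
    return [laptop, phishing]
```

Running `treatment_plan(demo())` leaves only the phishing risk open (residual 8 against an appetite of 6); flipping the MFA control to ineffective via `monitor` pushes it back to its inherent 20, which is the point of step 3.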
 