Planning and Costs to Implement ISO / IEC 27000 - Where to start?


Sweetsue28uk

#1
Hi

I am hoping you can help as you have so much previously in the past. Over 2 years I was tasked from the ground up to get the business certified to ISO 9001:2008, which has been completed and is currently running along with continual improvement and auditing.

I am now tasked with coming up with a plan and costs to bring in ISO 27000. My boss who has asked for this is very vague and I don't know where to start. Does it mean I am getting the standard for 27001? Do I need to review them all under 27000? I need help.

Also from an auditing perspective will I be able to audit this system once complete or do I need more training than what I have up to now for 9001:2008?

Any help would literally be a godsend.

x
 

TShepherd

#2
Morning,

I would suggest that you call your current Registration Company - most would be very pleased to explain what the requirements and costs would be which will allow you to develop a plan.

Then you can contact other Companies to evaluate the cost factor.

Good Luck,

Tom :2cents:
 

Richard Regalado

Trusted Information Resource
#3
Dear Sweetsue28uk,

First and foremost, ISO 27000 is the standard which contains terms and definitions (more like a lexicon) of the ISO 27000 series of standards. If your organization is looking at implementing and getting certified to an information security management system (ISMS), you should be looking at ISO/IEC 27001:2005 or ISO 27001 to make it simpler.

Where to start?
You need to ask your boss why you need to implement an ISMS. Knowing the answer will allow you to do a proper scoping. Is it the whole company? Is it one department or two or three perhaps?

Scoping
Determining the limits and boundaries of your ISMS will tell you how long the development will be. This will also give you a fairly good idea on how much you are going to spend. Tip: when scoping for an ISMS project, determine which business units process/use/store the most significant/critical information of your organization.

Once you have determined the above (reason and scope), come back here and I would be glad to share with you a standard project plan which I use.

Auditing
If you are familiar with ISO 9001:2008 you know about 50% of ISO 27001:2005. The difference? Risk management. But more of that later. My wife is calling me to bed.

Goodnight everyone.

Cheers!


p.s. If you ask the Certification body, one of the initial things they will ask you is the scope. :)
 