Planning and Costs to Implement ISO / IEC 27000 - Where to start?

Sweetsue28uk

#1
Hi

I am hoping you can help as you have so much previously in the past. Over 2 years I was tasked from the ground up to get the business certified to ISO 9001:2008, which has been completed and is currently running along with continual improvement and auditing.

I am now tasked with coming up with a plan and costs to bring in ISO 27000. My boss who has asked for this is very vague and I don't know where to start. Does it mean I am getting the standard for 27001? Do I need to review them all under 27000? I need help.

Also from an auditing perspective will I be able to audit this system once complete or do I need more training than what I have up to now for 9001:2008?

Any help would literally be a godsend.

x
 
TShepherd

#2
Morning,

I would suggest that you call your current Registration Company - most would be very pleased to explain what the requirements and costs would be which will allow you to develop a plan.

Then you can contact other Companies to evaluate the cost factor.

Good Luck,

Tom
 

Richard Regalado

Trusted Information Resource
#3
Dear Sweetsue28uk,

First and foremost, ISO 27000 is the standard which contains terms and definitions (more like a lexicon) of the ISO 27000 series of standards. If your organization is looking at implementing and getting certified to an information security management system (ISMS), you should be looking at ISO/IEC 27001:2005 or ISO 27001 to make it simpler.

Where to start?
You need to ask your boss why you need to implement an ISMS. Knowing the answer will allow you to do a proper scoping. Is it the whole company? Is it one department or two or three perhaps?

Scoping
Determining the limits and boundaries of your ISMS will tell you how long the development will be. This will also give you a fairly good idea on how much you are going to spend. Tip: when scoping for an ISMS project, determine which business units process/use/store the most significant/critical information of your organization.

Once you have determined the above (reason and scope), come back here and I would be glad to share with you a standard project plan which I use.

Auditing
If you are familiar with ISO 9001:2008 you know about 50% of ISO 27001:2005. The difference? Risk management. But more of that later. My wife is calling me to bed.

Goodnight everyone.

Cheers!


p.s. If you ask the Certification body, one of the initial things they will ask you is the scope. :)
 