c. What are the Major Steps of Establishing and Implementing ISMS to ISO/IEC 27001?
ISO/IEC 27001 provides a model for establishing, implementing, maintaining and continually improving an ISMS:
-
Define the scope, boundary and policy of ISMS
-
Define the risk assessment approcah of the organisation
-
Identify and evaluate risk and options for the relevant treatment
-
Select appropriate control objectives and controls for the treatment for risks
-
Obtain management approval of the proposed residual risks
-
Obtain management authorisation to implement and operate the ISMS
-
Monitor, review, maintain and improve the ISMS continuously