An example:
Suppose you want to set up an Information Security Management System ISMS acc. to ISO 27001.

Then we commonly would …

  • set up a Project Plan incl. Effort Estimation and Schedule
  • get the Management Commitment
  • perform a Risk Analysis
  • implement the ISMS Controls
  • care for a Training
  • support the Monitoring of the Controls
  • perform an Internal Audit
  • do a Management Review
  • achieve the ISO 27001 Certificate