An example:
Suppose you want to set up an Information Security Management System (ISMS) according to ISO 27001.
Then we would commonly …
- set up a Project Plan, including Effort Estimation and Schedule
- get the Management Commitment
- perform a Risk Analysis
- implement the ISMS Controls
- arrange the Training
- support the Monitoring of the Controls
- perform an Internal Audit
- do a Management Review
- achieve the ISO 27001 Certificate