Certification Roadmap - Phase 2

Phase 2

Planning and Preparation

Overview

The Planning and Preparation phase is a pivotal stage in the ISO 27001 certification process, designed to address the gaps identified during the Readiness Assessment and ensure your organization’s Information Security Management System (ISMS) is fully prepared for the formal certification audit.

Develop & Execute

This phase focuses on developing and executing a comprehensive plan to implement necessary changes and improvements, thereby aligning your ISMS with ISO 27001 requirements. It involves updating policies, procedures, and controls, as well as preparing and training staff to adopt the revised practices effectively.

Processes to Undertake

Development of Improvement Plan

Objective
Create a detailed plan to address the gaps and deficiencies identified in the readiness assessment.

Activities

  • Review Gap Analysis Report: Analyze the findings and recommendations from the readiness assessment report.
  • Define Action Items: Outline specific actions needed to address each identified gap, including updates to policies, procedures, and controls.
  • Assign Responsibilities: Allocate tasks to relevant team members or departments responsible for implementing the changes.
  • Establish Timelines: Set deadlines for each action item to ensure timely implementation and preparation.

Implementation of Changes

Objective
Make the necessary updates and improvements to your ISMS based on the improvement plan.

Activities

  • Update Policies and Procedures: Revise existing documentation or develop new policies and procedures to ensure they meet ISO 27001 requirements.
  • Enhance Controls: Implement or modify controls to address identified weaknesses and ensure they effectively mitigate information security risks.
  • Integrate New Practices: Incorporate updated practices into daily operations and ensure they are followed consistently.

Training and Awareness

Objective
Ensure that all relevant staff members are informed about and trained on the new or revised ISMS practices.

Activities

  • Develop Training Materials: Create or update training materials to reflect the changes in policies, procedures, and controls.
  • Conduct Training Sessions: Organize training sessions or workshops for staff to familiarize them with new practices and reinforce the importance of information security.
  • Evaluate Training Effectiveness: Assess the effectiveness of training and make adjustments if necessary to ensure all staff members understand and can implement the new practices.

Pre-Audit Review

Objective
Conduct a final review to verify that all necessary changes have been implemented and the ISMS is ready for the formal certification audit.

Activities

  • Internal Review: Perform a thorough internal review of the updated ISMS to ensure all improvements have been made and are functioning as intended.
  • Mock Audit: Consider conducting a mock audit to simulate the certification process and identify any remaining issues before the formal audit.
  • Final Adjustments: Make any final adjustments based on the review or mock audit results.

[ Deliverables ]

Improvement Plan

A detailed plan outlining the specific actions, responsibilities, and timelines for addressing the gaps identified during the readiness assessment.

Updated ISMS Documentation

Revised policies, procedures, and control documents that reflect the necessary changes and improvements.

Training Materials and Records

Documentation of training materials and records of staff training sessions, including attendance and feedback.

Pre-Audit Review Report

A report summarizing the results of the internal review or mock audit, including any final adjustments needed before the formal certification audit.

[ Outcome ]

Audit Preparedness & Expert Guidance

The Planning and Preparation phase ensures that your ISMS is fully compliant with ISO 27001 requirements and ready for the formal certification audit. By implementing the necessary changes, updating documentation, and training staff, you will have addressed the gaps identified during the readiness assessment. This phase prepares your organization for a smooth and successful certification audit, demonstrating your commitment to maintaining high standards of information security management.

Get Started With NDB Today

Expert guidance for navigating every phase of the ISO 27001 certification process with ease, from initial assessment to final compliance and beyond.
  • Results to get your company ISO compliant
  • Expert audit guidance through each phase
  • High compliance and audit success rate