
ISO 27001 Plan Phase

Ensure ISMS is appropriate and proportional

The essence of implementing ISO 27001 is achieving balance and the optimum management system, i.e. a coherent suite of processes and systems for effectively managing information security. As an organisation which has been involved in assisting many organisations to comply with or certify to the Standard, URM is only too aware that it is absolutely critical that the ISMS reflects the size of the organisation, the nature of its business and its appetite for risk. It is, for example, essential that the management system is sustainable and manageable from an internal resource perspective. The foundation of any certification project is the initial and ongoing assessment of risks.

ISO 27001 - Risk Assessment

As part of the Plan Phase, and in order to identify an organisation’s security requirements, a risk assessment must be carried out in line with ISO 27001. This will identify the risks to which an organisation is exposed and, therefore, the policies, processes and controls that must be developed and implemented to manage them. Controls applied should be proportionate to the degree of risk facing the organisation.

URM's consultancy team has been assisting organisations across a wide range of market sectors to comply or to certify to ISO 27001 since it was first published. To support this work, URM has developed a fully compatible information security risk management methodology and risk assessment tool.


Copyright © Ultima Risk Management, 2010. All Rights Reserved
