Getting the Balance Right

ISO 27001 Plan Phase

Ensure ISMS is appropriate and proportional

Implementing ISO 27001 is essentially about achieving balance: an optimum management system, i.e. a coherent suite of processes and systems for managing information security effectively. Having assisted many organisations to comply or certify with the Standard, URM is only too aware that it is critical for the ISMS to reflect the size of the organisation, the nature of its business and its appetite for risk. It is essential, for example, that the management system is sustainable and manageable with the internal resources available. The foundation of any certification project is the initial and ongoing assessment of risks.

ISO 27001 - Risk Assessment

As part of the Plan Phase, and in order to identify an organisation's security requirements, a risk assessment must be carried out in line with ISO 27001. This identifies the risks to which the organisation is exposed and, therefore, the policies, processes and controls that must be developed and implemented to manage them. The controls applied should be proportionate to the degree of risk the organisation faces: over-controlling a low-risk area wastes resource, while under-controlling a high-risk area leaves the organisation exposed.

URM's consultancy team has been assisting organisations across a wide range of market sectors to comply or certify to ISO 27001 since the Standard was first published. To support this work, URM has developed an information security risk management methodology and risk assessment tool that are fully compatible with the Standard.


Copyright © Ultima Risk Management, 2008. All Rights Reserved.
