Bs7799 - Stages In Implementation

By Author: John Parker
Total Articles: 4762
Comment this article

BS7799 implementation in any organization requires systematic approach and quest for perfection. The implementation is done step by step in stages. The stages involved in BS7799 implementation are enumerated below.
• Considering the needs of the organization, a decision needs to be made as to which version of the standards will be most beneficial to the organization and which meets the requirements of the business.
• Decision must be taken as to whether only BS7799 compliance is sought or the organization will go for BS7799 certification.
• People and financial resources allocations must be made to implementation of the BS7799. Usually assistance from a certifying body or consultant is required from this stage onwards.
• Define the scope of the ISMS to be implemented in the organization which should be a good representation of the area of the organizations activities.
• The existing controls in place in the organizations should be not properly documents which may include the ISO 9000 security policies.
• ...
... Identification of the gaps between the existing security and the proposed security level would bring out a list of what needs to be done further to ensure compliance with the BS7799.
• Make an inventory of all currently owned Information assets including the network systems.
• An analysis of the risk from external threats be carried out all the while comparing the impact of such risks on the business.
• Once the risks have been identified, decision must be taken on how to mange the risks. The responsibility of such risk management needs to be documented.
• Select appropriate controls if not presently implements, from the list of controls provided in BS7799 Part I and prepare a statement of application after selection of the controls.
• Policies and procedures based on the statement of application together with guidelines contained in the BS7799 should be created and properly documented.
• Implement the new controls, train all the employees in the use of the controls, and start a monitoring process.
After some period of satisfactory monitoring, and being sure of achievement of the desired levels of compliance, certification may be sought from and independent accredited body which after conduction and audit will issue a certificate under BS7799.
About Author:
John Parker writes for other such sites as Tech-Faq, you can find more of his work here What is SaaS and What is Six Sigma. Visit BS7799 - Stages in Implementation.