What is ISO 27001?

ISO 27001 is the world's most popular standard for information security. It applies to industries where information systems play a critical role in operations or business. The aim of the ISO 27001 standard is to protect information security through the implementation of applicable controls. ISO 27001 is an Information Security Management System (ISMS) standard: it specifies the requirements for an ISMS.

Information security is becoming a mandatory requirement for doing business with international clients. Benefits of ISO 27001 certification include:
  • ISO 27001 is universally recognised and hence helps in winning new clients
  • Preparedness to plan for disasters and remain operational even during periods of disruption
  • Improved information security
  • Certification increases customers' confidence in their suppliers' information security systems
  • Regular assessments ensure the organization continually uses, monitors and improves its processes
  • Employee involvement and thus commitment
  • Improved information security awareness throughout the organisation.

Achieving ISO 27001 is only the beginning of the journey; sustaining it over time is the bigger challenge. ISO has very high expectations on managing the ISMS properly through a document control system, maintaining records and showing quantitative process improvements. ISO 27001 itself prescribes maintaining 20+ mandatory records, and depending on organizational requirements this typically grows to as many as 40 types of records being maintained.

Our Adaptive Process Accelerator comes pre-built with 50+ standard, proven ISMS processes and all required policies and guidelines, which can be easily tailored by the organization. It also has 30+ data management modules such as Asset Tracker, Risk Tracker, Visitor Tracker, Material Movements Tracker, Service Tracker, Audit Plan and Track, Employee Skill Tracking, Training Tracking, Defects Tracking, Record Control Matrix, Document Control Matrix, and Supplier Tracking including Supplier Evaluation.

All this means the organization can save a huge amount of time and effort in implementing ISO 27001. Moreover, because it is an integrated product for ISO 9001 and CMMI as well, the organization's investment remains intact when it decides to implement other related standards.

ISO 27001 Implementation Plan

| Task                                                   | Primary Responsibility | Secondary Responsibility | Deliverables                       |
|--------------------------------------------------------|------------------------|--------------------------|------------------------------------|
| Kick-off meeting                                       | Adaptive               | Client                   | Minutes of Meeting                 |
| Project Plan Preparation                               | Adaptive               | Client                   | Project Plan                       |
| Key person orientation training                        | Adaptive               | Client                   | Training Attendance Record         |
| Project Preparation                                    | Adaptive               | Client                   | -                                  |
| VAPT                                                   | Client                 | Adaptive                 | VAPT Report                        |
| Review ISMS Policies                                   | Adaptive               | Client                   | ISMS Policy                        |
| ISMS Manual                                            | Client                 | Adaptive                 | ISMS Manual                        |
| Prepare Statement of Applicability                     | Adaptive               | Client                   | Statement of Applicability         |
| Establish ISMS Objectives                              | Adaptive               | Client                   | ISMS Objectives                    |
| APMS Tool trial installation                           | Adaptive               | Client                   | Installed trial Application        |
| Management Review & Approve policies and objectives    | Client                 | Adaptive                 | Approved Policies and Objectives   |
| Asset Identification                                   | Client                 | Adaptive                 | Asset List                         |
| Review ISMS Processes                                  | Adaptive               | Client                   | ISMS Manual                        |
| Awareness Training Material                            | Adaptive               | Client                   | Training                           |
| Risk Identification and Treatment                      | Adaptive               | Client                   | RARTP                              |
| Awareness Training                                     | Adaptive               | Client                   | Training                           |
| Milestone: Management Review - Approve Processes       | Client                 | Adaptive                 | Asset                              |
| Implementation                                         | Client                 | Adaptive                 | -                                  |
| Establish Business Impact Analysis                     | Adaptive               | Client                   | BIA Report                         |
| Establish BCP Planning                                 | Adaptive               | Client                   | BCP Plan                           |
| Process Implementation                                 | Client                 | Adaptive                 | -                                  |
| Liaison with Certification Agency                      | Client                 | Adaptive                 | -                                  |
| Internal Audit Cycle 1                                 | Adaptive               | Client                   | Audit Reports                      |
| Closure of Audit Action Items                          | Client                 | Adaptive                 | Audit Reports                      |
| BCP Testing                                            | Adaptive               | Client                   | BCP Test Results                   |
| Management Review Meeting                              | Client                 | Adaptive                 | MOM                                |
| Document Review by External Auditor                    | Adaptive               | Client                   | -                                  |
| Document Review by External Auditor                    | Client                 | Adaptive                 | Document Review Findings           |
| Closure of Document Review Findings                    | Client                 | Adaptive                 | Document Review Findings Closure   |
| Milestone: Management Review Meeting                   | Client                 | Adaptive                 | MOM                                |
| External Audit Preparations                            | Client                 | Adaptive                 | -                                  |
| Internal Audit Cycle 2                                 | Adaptive               | Client                   | Audit Reports                      |
| Audit Closure Findings                                 | Client                 | Adaptive                 | -                                  |
| Management Review Meeting                              | Client                 | Adaptive                 | MOM                                |
| Ext. Certification Audit                               | Client                 | Adaptive                 | Audit Findings                     |
| Closure of External Audit Findings                     | Client                 | Adaptive                 | Closure of Audit Findings          |

GRCPerfect Modules for ISO 27001

An effective ISO 27001 compliance management tool that reduces effort and cost significantly. GRCPerfect includes the following modules:

  • Asset Master including Allocation, Movement and Component tracking
  • Automated Risk Analysis and Treatment Plan
  • Business Impact Analysis
  • Threat and Vulnerability analysis
  • Asset Service Records
  • Management Review Meetings
  • Action Item Tracking as per ISO 27001
  • Incident Tracking
  • Visitor Tracker
  • Material Movements Tracker

Request for GRCPerfect demo