5 tips to get ISO 27001 project approval

Planning and presenting an information security plan for leadership approval can be a challenge. You’ll need to put your sales hat on and be persuasive. The message needs to be clear, in common business terms, and state the facts.

Implementation will involve a heavy investment and stakeholders will want to know the return on investment. Before creating your presentation, you’ll need to commit time to research and forecast.

Tips to get started

  1. Understand your current situation: Assess and record the present security posture. This will help identify gaps between where you are and what you want to achieve.
  2. Research: Benchmark the challenges other companies have experienced. ISO, the International Organization for Standardization, provides economic reports and studies that you can use to get started.
  3. Forecast possible threats: Objectively evaluate the risks facing existing networks and systems. Penetration tests can help with this process.
  4. Identify resources needed: Outline your security policy to identify what will be needed. Do you have a team to provide support or will recruitment be required?
  5. Show proof: Case studies document the challenges, processes, and successes that other organizations have experienced and can provide a strong argument in favor of ISO 27001.

Presentation guidance

When communicating with top-level stakeholders, it’s important to present your argument in an understandable business language.

The ISO 27001 Expertise Bundle is geared towards the business professional and will help you plan and speak in an effective way in order to gain strategy approval.

This bundle contains valuable case studies that demonstrate the damage that security breaches can cause. It also includes a guide to the essential sales skills you’ll need in order to persuade company directors to invest money and resources into your information security initiatives, and describes the first steps to take once you gain approval.

End your presentation on a strong note

Make it a point to emphasize that an effective ISMS, such as one built on ISO 27001, will pay for itself if just one attack occurs. A medium-sized incident could be enormously detrimental to any business, and a large incident could end the company. Protect your company by ensuring your systems are protected with ISO 27001.
