Building ISO 27001 Security Program (High Level) Roadmap

This roadmap assumes the organization has not yet completed any certifications or audits.

3 Months

  • Create an ISMS Policy and Define ISMS Scope
  • Complete 27001 Gap Analysis
  • Build a Policy Portal
  • Develop new policies required from the 27001 Gap Analysis
  • Develop procedures to enact the policies' requirements
  • Research and Select GRC Tool for the organization
  • Assign Roles and responsibilities for ISO 27001
  • IF NO SECURITY TRAINING TOOL: Create security awareness and educational trainings for the company and specific teams (as an interim measure)
  • Complete ISO 27001 Risk Assessment

6 Months

  • Create a governance program for different security areas such as Infrastructure, Application, HR and Personnel Security, SOC and others
  • Develop a Risk Management Process
  • Deploy and Integrate GRC Tools across functional teams
  • Continue to update policies
  • Identify critical security audit areas, establish the audit process and complete audits of a few areas
  • Create and update security risk metrics to measure the risk levels across systems and processes
  • Research and Select Security Awareness Training Tool for the organization

7 Months

  • Roll out security awareness trainings for the company and Engineering teams using the Security Awareness Training tool

8 Months

  • Complete internal audit of critical processes and as required for ISO 27001
  • Complete Statement of Applicability
  • Complete risk assessments of high-risk processes and identify gaps and recommendations
  • Continue to update policies

12 Months

  • Successfully complete ISO 27001 certification

The next post will cover building a SOC 2 security program roadmap.

You can purchase some of my prepared ISO 27001 documents that are ready for download at
