[this is a series of 6 short stories – explaining how to setup ISO27001 framework and operational ISMS in 5Days. Every day we spend 1 hour interviewing CEO/COO and 1 hour with CTO – tackling the Business and Tech topics in our 5DaysIntensive ISMS Program (5DII)] 

This is the final day of our 5DaysIntesive ISMS Program, during the 5Days we already make use of our Compliance tool (the Kanban board) – so the Venture is already familiar with our Compleye Tool. During this final day we are preparing the Compleye Tool for sharing responsibilities. If there are any loose ends – this will be addressed in the last interviews with CEO and COO.  

And then we start drawing up some mandatory Certification documents – of course in concept – because all formal certification documentation needs to be approved by you.  

Management Review – a formal document addressing all the 11 mandatory ISO27001 topics. During the 5DII we have collected evidence and now we align them to the right topics, and we draw up suggestions for improvements.  
 
Statement of Applicability (SoA)– this is an overview of all the Annex A (part of the ISO27001 norm), and we need to address them on 3 levels: 

  • Documented – did you document policy/procedure for this? 
  • Implemented – did you implement it in your organisation? 
  • Operational – do you have evidence that this is already a running gig?  

The SoA, together with the Management Review and the ISO27002 set of controls – give us a clarity on where you stand at this moment. And those overviews are the input for the final list of improvements, that we will present by the end of the day.  

We all wrap this up in a final presentation – Show Time – at the end of the day we share the final Compliance Kanban Board, with all the mandatory documentation in place. That is a first official check in the box of ISO27001. And the final presentation includes a list of improvements, ready to be assigned to an owner and ready for the next phase.  
 
Because Yes, in 5days, we have setup your ISMS Framework accordingly to ISO27001 standards. And Yes, depending on collected evidence and co-creation during 5Days, you are (partly) operational compliant. However, it is our experience that you are not 100% operational yet and need to implement some improvements. Although you have made an awesome step forward in becoming compliant.  
 
In our final presentation we will give you 3 options on how to proceed.  

  1. Fast Track – with monthly support from Compleye – certification within 6 months; 
  1. Easy Track – with quarterly support from Compleye – certification within 1 year; 
  1. DIY – by making use of the Compleye Tools and design your own certification process.  

We are proud to say that all our customers continue working with us – however happy to onboard customers that will try the DIY Roadmap as well.