The biggest challenges I met whilst implementing ISO 27001 are as follows:
1) The management is very resistant to change, and it requires great persuasive skills to make them sign off on the implementation. They are mostly interested in the benefits of implementation. Try to make a great case for ROI. It works.
2) The risk assessment aspect of the entire enterprise. You can't do it all by yourself. You have to rope in the various department heads to participate in and sign off on the risk assessment procedure. It requires a lot of diplomacy and man-management skills, and a lot of communication with stakeholders.
3) Gap assessment is also a challenge: assessing the existing security posture and then evaluating the treatments required to reach the target posture. Sometimes people are happy with the existing controls and have a resistance to change. We have to make trade-offs and do a great deal of persuading.
There are plenty more but these are the biggest ones I experienced.
There are many, but for sure defining the scope is the biggest challenge in implementing ISO 27001.