ISO27001 Centification for DSH has completed the Initial Risk Analysis and planning is under way.
- Report Date
- November 2018
Report For November 2018
Achievements in the last Period.
- The 2nd Iteration of The Security Risk Assessment has been delivered.
- We reviewed the above and the accompanying report and agreed an initial set of actions to push us toward an agreed plan.
- We have ben instructed that Splunk will be the technical solution we use for SIEM.
- Initial plan is in progress. With meeting planned to initiate the primary work packages:
- Governance
- Review what governance is required around the ISMS.
- I believe the right questions have been asked and once we havethe answers we should be able to sign this off and get the governance in place.
- Roles And Responsibilities.
- Tied in with the above.
- Statement Of Applicability.
- Not yet started.
Key Tasks For Next Period
- Get high level requirements for SIEM from the technical team and progress with Splunk.
- Progress the Governance, Roles and Responsibilities, Statement of Applicability and HR Work packages.
- Refine and agree plan to certification.
- Initiate Policies and Procedures now we have visibility of the standards.
Issues
- The Technical have been pretty well pulled into other non DSH work that is currently deemed higher priority. This will have significant impact potentially until the end of the year.
Milestones
| Stage | Milestone | Due Date | Previous Date | Complete | |
|---|---|---|---|---|---|
| Deliver | Complete Primary Work Packages. | 31-Jan-2019 | No date available | No | |
| Initiate | Initiate Traunch 2 Work Packages. | 31-Jan-2019 | No date available | No | |
| Analyse | Clarify Dependency for Policy and Procedures. | 31-Jan-2019 | No date available | No | |
| Analyse | Clarify Dependency for Incident Management. | 31-Jan-2019 | No date available | No | |
| Deliver | Complete Traunch 2 Work Packages. | 31-Jul-2019 | No date available | No |