IASAP Implementation

Objective: To develop and implement the Information Assurance and Security Action Plan.

Once the IASAP document has been presented to and accepted by management, the tasks outlined in the Information Assurance and Security Action Plan can be executed. Although the staff involved in the different phases of the IS2ME method do not necessarily have to be the ones to execute these tasks, it is nevertheless convenient that they monitor and coordinate them in order to ensure that the objectives are met and the controls are correctly deployed. The correct implementation of the proposed tasks is a key step towards compliance and implantation of an ISO 27001 Information Security Management System. It is then when information security management can be approached in a conventional way.

A Coordination Project Plan is needed for the execution of the IASAP. This plan includes:

  • Acquisition/Allocation of necessary resources: These resources identified in the IASAP plan are earmarked for the tasks to be executed. Their availability within the deadlines needs to be guaranteed, as well as the possibility that some of them are allocated to simultaneous tasks.
  • Monitoring: Monitoring ensures correct execution of the tasks outlined in the action plan within the deadlines. Staff in charge of monitoring coordinates the teams working in systems with common interfaces, in order to avoid interferences in the actions deployed.
  • Review Meetings: Periodical review meetings are scheduled as well as update meetings with management to report the development of the different tasks.