Step 10. Implement The Controls & Mandatory Procedures
This might be easier said than done. This is where you have to implement the documents and records required by clauses 4 to 10 of the standard, and the applicable controls from Annex A. For more about ISO 27001-required documents and records, read the article List of mandatory documents required by ISO 27001. For more about Annex A, read the article How to structure the documents for ISO 27001 Annex A controls.
This is usually the riskiest task in your project because it means enforcing new behavior in your organization. Often, new policies and procedures are needed, meaning that change is needed, and people usually resist change – this is why the next task (training and awareness) is crucial for avoiding that risk.
Step 11. Implement Training And Awareness Programs
If you want your personnel to implement all of the new policies and procedures, first you have to explain to them why they are necessary, and train your people to be able to perform as expected. The absence of these activities in a management system is the second most common reason for ISO 27001 project failure.