A person recently asked me if it was possible to implement ISO 27001 using a specific project management software product. They had used the tool in the past to define project plans and conduct project reviews. While I told them this is entirely possible, the truth is one can implement ISO 27001 even without a project plan or any specific tools. But should they?
ISO 27001 and Information Security in Project Management
The point is that many people do not treat the implementation of ISO 27001 as a project. What is worse, the majority see this security standard as just another document kit. They believe information security can be established just by making their employees scan a set of documents. Of course, this is an entirely incorrect concept of ISO 27001. To establish information security within an organization, we need to implement a set of specifically defined procedures.
This is also analogous to establishing information security within project management itself. While most think that ISO 27001 is merely a document or a project plan a manager needs to quickly scan before the project starts, this could not be further from the truth. What we actually need to do is clearly define a guide for the implementation of information security during the entirety of the project management life cycle.
Unfortunately, a lot of people find it difficult to understand what information security in project management entails. But the concept is fairly easy to grasp – protect information related to project management from an information security point of view.
How Can We Establish Information Security in Project Management?
To properly protect information around any project, we need to focus on securing the information that is essential to the management of a specific project (information related to the project itself, business, resources, personal data,
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tripwire Guest Authors. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/establishing-information-security-project-management/

