ISO/IEC 27001:2013 PIE FARM METHODOLOGY

1. PLAN AND PREPARE
2. IDENTIFY & ISOLATE
3. EVALUATE
4. FIX
5. ASSESS
Pre-certification audit
Conduct a mock audit
Identify all non-conformities (NCs)
Take relevant actions to close identified NCs
Identify and contact a certification body for the audit
Certification audit
Phase 1: Document review (1 day, mandatory)
Phase 2: Control review (multi-day, depending on scope; mandatory)
6. REPORT
The accredited certification body reports any non-conformities and areas requiring improvement
7. MAINTAIN
The organisation's Security Steering Committee holds a post-assessment wash-up meeting
Security Steering Committee schedules regular review meetings
People with specific duties and responsibilities schedule their actions for ongoing maintenance
Consider the use of a suitable Governance, Risk & Compliance platform
Regularly test the Business Continuity Plan (BCP) and Security Incident Response Plan (SIRP)
Carry out periodic internal audits
Carry out periodic due diligence on all third parties