This article will give you an overview of best practices for using Experta when leading an implementation project in a company.
To get the maximum benefits from Experta, it is recommended that you try out the features in the sequence they are listed below:
1) Learn about implementation
2) Find exactly what to do for each clause of the standard
3) Find the most popular questions for each topic
4) Ask questions on your own
5) Find everything Experta has answered you
1) Learn about implementation
In order to prepare for each implementation aspect, learn about the details of a standard through the Guided learning feature – its purpose is to teach you the details of a particular topic.
For example, you can learn about the details of:
- setting the scope
- organizing implementation in a company
- risk management
- overview of Annex A controls
- preparing for a certification
- etc.
To start Guided learning, click the menu item from the main menu:
… and then click the Guided learning you are interested in:
You will notice that the guided learning will automatically start, taking you through all the important questions related to the topic you have chosen.
2) Find exactly what to do for each clause of the standard
To know what the standard requires and how to perform the most important activities for each clause of the standard, use the Explore by clause feature – its purpose is to make it easier for you to find the most important questions about each clause.
For example, for each clause, you’ll find the following questions:
- What is clause xyz?
- How to document clause xyz?
- How to implement clause xyz?
- What evidence will the auditor look for regarding clause xyz?
To start Explore by clause, click the menu item from the main menu:
… and then click the clause you are interested in:
You will notice that the relevant set of questions will be automatically displayed – simply click any of these questions, and Experta will answer you instantly.
3) Find the most popular questions for each topic
If you want to prepare for the most common questions your colleagues might ask you during the implementation, use the Explore by topic feature – its purpose is to show the most common questions for any given topic.
To start the Explore by topic feature, click the menu item from the main menu:
… and then click the topic you’re interested in:
You’ll notice that Experta will show you the 3 most popular questions from that topic – simply click any of these questions, and Experta will answer you right away.
4) Ask questions on your own
Once you explore all the questions that Experta is suggesting, it is time to start asking your own questions. (The questions below are presented for ISO 27001, but feel free to ask similar questions for other standards.)
Here are some ideas on what to ask…
Basic questions to start with
If you want to learn about the basics, here are some ideas on what you could ask:
- What are the main benefits of ISO 27001? https://experta.com/shared-post/dd6e6752-b747-4d87-87d7-d131a5d4c472
- What are ISO 27001 clauses? https://experta.com/shared-post/1acab0ec-f95e-41e9-9abc-3fc70d340840
- What is an ISMS? https://experta.com/shared-post/8d3223ef-cde3-49c3-a9f5-a85de97ca817
How to organize a project
Here are some questions that you can ask to help you organize the implementation project:
- What are the steps in ISO 27001 implementation? https://experta.com/shared-post/1f86b2f9-b998-40b0-aaa9-dacf510fd883
- How long does it take to implement ISO 27001? https://experta.com/shared-post/b2a31291-158a-4dd5-810c-64659772d5d6
- How much does it cost to implement ISO 27001? https://experta.com/shared-post/1265800d-4906-42fd-a9bb-a12a38f9973e
- How do we select the project manager for ISO 27001? https://experta.com/shared-post/2c1b26e9-6c14-4d18-be77-8f2dfde72fbd
- Should we use an ISO 27001 consultant? https://experta.com/shared-post/07b72b53-a346-448c-a7f8-97bb5c228c08
Implementing each step in the project
Here is how to get help with a particular step in the project:
- What are the steps to define the ISMS scope? https://experta.com/shared-post/d6b15eb9-68b5-4c52-b839-9406904dcfd3
- Who should be in charge of defining the ISMS scope? https://experta.com/shared-post/4434efba-ea51-4afc-9167-8368391fba75
- What are the steps to perform risk assessment and treatment? https://experta.com/shared-post/a1469656-7c85-48bf-a1c5-376d8258fdef
- How do we implement control A.8.13 Information backup? https://experta.com/shared-post/36be85c3-3bb9-479a-b156-fbb66002ddd6
Handling documentation
Once you start working with documents, you can ask questions like these:
- What are the mandatory documents for ISO 27001? https://experta.com/shared-post/25492e71-8b14-4f4a-afd7-4b11fe2b10a0
- How do we document clause 4.2 Understanding the needs and expectations of interested parties? https://experta.com/shared-post/7217a3a1-d807-4fc4-826d-f950c560a592
- How do we document control A.5.7 Threat intelligence? https://experta.com/shared-post/1ef177ee-95ca-4733-99c5-7c17f34a2d31
- What is the structure of the Statement of Applicability? https://experta.com/shared-post/2d78e2cc-074f-43fb-9faa-c02b9d30fb97
Preparing evidence for certification audit
Once you start preparing for the certification, you can find out what kind of evidence will be needed:
- What kind of records are needed according to ISO 27001? https://experta.com/shared-post/666a0834-dc5d-4fc8-ae43-ab61eec92918
- Are training records required? https://experta.com/shared-post/8bf84d09-2531-4a3d-823c-5de1cc1a3284
- What will the certification auditor look for regarding control A.5.18 Access rights? https://experta.com/shared-post/c294b5b7-b5cb-49b6-ada0-3566cdac93ca
5) Find everything Experta has answered you
If you want to see all the answers Experta has provided you, use the Saved conversations feature – its purpose is to archive all your correspondence with Experta.
To open Saved conversations, click the menu item from the main menu:
… and then click the conversation you want to see:
You’ll notice that Experta will show you the whole conversation on the main screen – you can simply continue that conversation or click another saved conversation to be displayed.