It may be something of a cliché but, for ISMS projects, it is certainly true to say that ‘well begun is half-way done.’ The person charged with leading an ISO 27001 ISMS project has to reduce something that looks potentially complex, time-and resource-consuming, and difficult, to something that everyone believes can be achieved in the time frame allocated and within the resources allowed. And then you have to make sure that it is actually delivered!

What this actually means is that the ISMS project leader has to set the project up in such a way that it is adequately resourced, that there is enough time (including for everything that will go wrong) and that everyone understands the risks in the project and accepts the ...