About the Forum
Since its launch in July 2006, the ISO27k Implementers’ Forum has grown into a supportive global community of over 1,000 information security professionals who are actively using the ISO/IEC 27000-series standards.
Membership of the Forum is free for those with a professional interest in using the ISO27k standards, i.e. information security managers, analysts, consultants and others who have practical implementation experiences to share and contributions to make. We stress the sharing aspect - lurkers are of no benefit to the rest of us.

The Forum’s purpose
This is a practitioner’s group with a pragmatic rather than theoretical focus. We mostly discuss practical matters of interest to those interpreting and applying the standards in real world situations. Forum members:
Are generally interested in information security standards;
Would like more information about the standards, beyond that available on this website;
Are actively implementing the standards or are fully compliant with the standards;
May be certified against the certification standards;
Are reviewing or auditing organizations against the standards;
Are advising clients or colleagues about the standards;
Would like to promote the standards more widely;
Are involved in the standards bodies and committees responsible for developing the standards; and
Wish to discuss information security management standards, practices, methods etc. with other interested parties.
Recent threads
Information asset inventory and classification
Risk analysis methods and techniques
Building the business case for information security and gaining executive support
Scope definition, Statement of Applicability and Risk Treatment Plans
Parallels between ISO27k and ISO 9000/quality assurance
Organization structure and reporting lines for the information security function
Why are so few “lead auditors” fully accredited?
We have also contributed to the promotion and development of the ISO27k standards, most recently collaborating in an online group project to develop an ISMS Auditing Guideline as a precursor to ISO/IEC 27007. Members of the forum have provided the sample materials in the ISO27k Toolkit, the white papers, the questions and answers in the FAQ and the links to other resources.
Feedback from forum members
“I just wanted to get in touch with some praise as I am very impressed with everything that goes on in this forum. Since joining I have bought the standards as per your recommendation online and I have opened my eyes to all that is possible from a commercial and more importantly practical point of view. My company has been developing a Risk Assessment plan for SMEs and although I have a guy that has a masters in IT Security working on the plan, we're finding so many good points from the forum that it is helping us a great deal.” Thanks Dave!
OK, sign me up!
If you are actively implementing the ISO27k standards and are willing to provide input to the discussions (not just to lurk!), please apply to join the Forum. The Forum is simply a mailing list run on Google Groups. Emails sent by Forum members to the Forum’s email address are ‘reflected’ back to all members.
We reject around half the applications, generally because applicants provide no information or evidently have no ISO27k experience to share. We welcome those who have actually implemented ISO/IEC 27002 and/or whose organizations have been certified compliant with ISO/IEC 27001. We also welcome those of you who are just setting out on the journey to enlightenment provided you can persuade us that you are serious about it and are willing to give as well as receive.
If your application is unsuccessful, please consider joining the other ISMS mailing lists instead but by all means re-apply when you have actually implemented the standards or at least started your implementation project. To appeal your application, contact us directly.
Privacy
If you join the Forum, you will obviously receive ISO27k-related emails from us and from other Forum members via Google Groups but that’s it. Rest assured that we will not exploit, sell or give away your email address: after all, securing personal information is one of the key reasons for implementing ISO27k! Our privacy policy has more on this.
Feel free to create a unique email address for the Forum and please let us know straight away if you receive any spam, indicating a control lapse somewhere. We utterly detest and actively fight spam. Any Forum members who spam other members will be fed bit-by-bit to the Ravenous Bugblatter Beast of Traal or be forced to attend Vogon poetry recitals.
Forum tips and etiquette
Google Groups gives you the option of receiving each message individually or a daily digest. This is a low-volume mailing list so it makes little difference in practice.
Please be professional and respectful at all times. Some of our members are new to this game and occasionally make naive or misguided statements. Be gentle with them - we all had to start somewhere.
Please add your name to your postings, for example using an email signature. It helps to indicate how you wish to be addressed. Members from cultures that normally put the family name first take note. Please give us a clue about your “first name”, the name that your friends use informally.
Like this website, the forum is a commercial-free zone. We actively discourage members from overtly advertising or promoting their organizations and products, making commercial offers etc. on the forum, although conventional discreet email signatures are acceptable. Please help us keep this a spamless professional support forum. To discuss commercial matters (e.g. if a forum member explicitly requests information on goods or services that your company supplies), please contact them directly/off-line and NOT via the forum. Thank you for your understanding.
The Forum’s primary language is English. However, many members do not speak English as their first language. Please look past the grammatical errors: those who are brave enough to express themselves on such a technical subject in a foreign language as arcane as English deserve medals not moans. Please take non-English discussions off-line but of course we would welcome an English summary if they are relevant to the group.
Please don’t “top post”. If you reply to a Forum message, don’t just add your comments to the top of the entire original message: trim down the original message to its essentials and insert your comments in context. [In marked contrast to Yahoo! Groups, Google Groups does not dump acres of spam after every message so this is not quite so important.]
Stay on topic please! There are plenty of other mailing lists and resources out there for other aspects of information security management. This Forum is EXCLUSIVELY about implementing the ISO/IEC 27000-series standards - no more, no less.