The most common obstacle we meet when helping clients with their ISO 27001 projects (or any ISO project for that matter…or, come to think of it, any internal change/improvement project) is Business As Usual (BAU). It basically means, that people and organisations have all the best intentions to find the time and get the design and implementation done, but when reality hits, they find themselves being too busy with BAU, so they never get time to do the “other” work. This causes projects to lose momentum and if the break gets too big, before you restart the project, you sometimes need to go a few steps back and start all over again.
The interesting thing is, that typically these organisations have a huge desire to get this done and they want to get it done ASAP. Let’s do it in 4 months instead of 6 months – Yeah. Reality however is, that these projects sometimes end up taking 12 months. And I am not talking about projects without proper leadership support and resources. Even when there is terrific support from the top as well as resources allocated, BAU can get in the way.

So should we just accept that, this is how it is? Or is there something, you can do to get more done and finish the project closer to the 4 month target than to the 12 month average?

Yes, there is, however it is not a silver bullet but rather a combination of a number of small things, that we have seen work (again here I assume, that you have basic requirements in place such as leadership support and ressources available):

Make it a higher priority, not just on a spreadsheet but in your mind. Think business improvement, efficiency, productivity, cost reduction etc. rather than certification when you think about the project. If you get your mind set this way, it will start to unconsciously get a higher priority.
Involve people from your team and the wider organisation and devolve the process responsibility to as many people as possible. Often we see, that it is more or less one person, who has to do it all and that person becomes a bottleneck. Delegating not only means better efficiency but typically also means better quality of the ISO 27001 management system, because these process owners have more knowledge about the process and where it could and should be improved. Hey this could even lead to higher employee engagement, because your staff are helping shape the way, they work.
Never let a week pass without doing anything on the project. Commit a number of hours, that you WILL, as a minimum, spend on the project each week. It could be something as little as 2-3 hours. You will be amazed of, how much you can get done in 3 hours and the project will not lose momentum and will keep moving forward.
Set some deadlines for yourself and the team and make small celebrations, when these deadlines are met. Yes, not rocket science.
Drop perfection. Approach the task with the notion of getting something, that is good and will work. There will be plenty of opportunity, once the ISO 27001 management system is running to measure, review and improve. In fact, the standard would expect you to do that.
Keep a checklist on your desktop and keep working this checklist as priorities change.
Always make sure you have the correct resource and have back filled the roles you’re expecting to be involved in the project. If a department can afford to loose someone for a period to be involved in the project, the chances are this isn’t the best person to be involved in the project (point added by Mike Andrews) .
Ok, so there you have it. I am sure, this list of advice could be longer, but I am conscious of number 5 plus the fact, that you are probably so busy with BAU, that reading a blog that is longer than this is highly unlikely.