The requirement for BS7799 / ISO 27001 implementation or certification is mainly driven by external pressure, like a client requirement. The management will only be worried of the above mentioned aspects and first step they would do is to allocate a budget for this project and ask the IT or QMS or for that case any department to complete the project. The goal should be, to make the management understand the actual requirement for this implementation and also project the results / benefits of this project. Sometimes (depending on your nature of business) you do not even require to go in for the certification process. At times you might even not require certifying or implementing the process at all your branches.
