Vulnerability Assessment & Penetration Testing policy
The vulnerability management and penetration test are not mandatory documents according to ISO 27001, nor are they documents commonly adopted by organizations (most of them rely on outsourced services for this purpose), so they are not included in the toolkit, to avoid unnecessary effort to manage the ISMS. If you understand that this document is important to your organization, you can schedule a meeting with one of our experts so he can help you to develop such a document.
These articles will provide you with further explanation about vulnerability management:
- How to manage technical vulnerabilities according to ISO 27001 control A.12.6.1 https://advisera.com/27001academy/blog/2015/10/12/how-to-manage-technical-vulnerabilities-according-to-iso-27001-control-a-12-6-1/
- How to use penetration testing for ISO 27001 A.12.6.1 https://advisera.com/27001academy/blog/2016/01/18/how-to-use-penetration-testing-for-iso-27001-a-12-6-1/
- Implementing restrictions on software installation using ISO 27001 control A.12.6.2 https://advisera.com/27001academy/blog/2016/02/08/implementing-restrictions-on-software-installation-using-iso-27001-control-a-12-6-2/
Sep 30, 2021