How will we evaluate the deliverables of the consultant?
I have been asked by top management how we will evaluate the deliverables of the consultant. My answer to them was that the consultant will be applying an international standard, but I think this is not sufficient. I am wondering if there is a way, other than real testing (since testing will not be carried out by the consultant), to evaluate the BIA, the RA or the BCP developed by the consultant, especially since I will have to sign after each phase that the consultant's deliverables are acceptable.
To summarize: how can I evaluate the consultant's work regarding the BIA, RA, BCP & strategy without real testing of the plan? In other words, is there a clear KPI to mention in the SLA?
Answer: This is a tough question. Frankly, I'm not aware of any KPIs with which you would be able to measure the quality of the consultant's work. If you were going for the certification, this would be one way to verify whether what he has done was satisfactory.
But, to ensure that the consultant does a good job, you can do this:
1) When selecting a consultant, use this list of questions to ask your ISO 27001/ISO 22301 consultant; you can download it here: https://info.advisera.com/27001academy/free-download/list-of-questions-to-ask-an-iso-27001-iso-22301-consultant/
2) In the agreement, write that you have to approve every document before you pay him.
3) If you won't go for the certification, hire someone to review all the documents the consultant has written.
However, the alternative could be that you implement the BIA, RA, BC strategy, and BCP yourself, since the implementation, training and testing will be done by yourselves anyway. You can get all the know-how here: https://www.iso27001standard.com/en/se*************************************
Jan 12, 2016