ISO 27001 compliance testing
Hi. I wanted to get a high-level view of the types of testing I should do for ISO 27001 compliance for a new website being built, and the ball-park cost estimates of the price I should be paying an external organization to do that testing.
The types of tests to be performed will depend on:
- the requirements defined
- the results of risk assessment
- the legal requirements the website must comply with (e.g., GDPR requirements for data owner management of his/her own information)
Broadly speaking, there are basically 3 types of "tests" that can be related to ISO 27001:
- vulnerability testing (not mandatory)
- internal audit (mandatory)
- certification audit (mandatory only if you need the certificate)
Regarding the cost estimates, the best approach is to request a couple of quotations from companies which provide such tests, so you can make a comparison.
These articles will provide you with a further explanation about tests:
- How to set security requirements and test systems according to ISO 27001 https://advisera.com/27001academy/blog/2016/01/11/how-to-set-security-requirements-and-test-systems-according-to-iso-27001/
- How to use penetration testing for ISO 27001 A.12.6.1 https://advisera.com/27001academy/blog/2016/01/18/how-to-use-penetration-testing-for-iso-27001-a-12-6-1/
Jun 09, 2020