ISO 27001 & 22301 - Expert Advice Community


  • Implementing Information Security

  • Resources about Internal Auditor

  • SOC II and ISO 22301

  • ISO 27001 and HITRUST

  • Can my organization be certified by ISO 27001?

  • Protect information through email

  • Procedure for the information security incidents

  • What is ISO 27001?

  • Referencing to security controls in policies and procedures

    At the start of the document ‘Beleid voor aanvaardbaar gebruik’ (acceptable use of information & means) you reference a number of control objectives from Annex A. These are referenced in an unspecific manner, without being specific about the way these are documented in this ‘Beleid’ or implemented individually. Does this not defeat the specific connection between risks and mitigating security measures, or are you of the opinion that that aspect (iso27k 6.2) is covered sufficiently in the ‘risk treatment plan’?
  • Clause 9.1 - measurement in ISO 27001 toolkit

    I was reviewing the ISO 27001 standard and was reading section 9.1 about monitoring, measurement, analysis, and evaluation. How do your documents deal with this? I know at the end of some of the documents, I've seen sections called "managing records kept on the basis of this document". This isn't how you are trying to monitor the effectiveness of processes and controls, is it? Have I overlooked a document... I'm not really seeing anything that addresses 9.1. I guess when I read 9.1 about monitoring, measurement, analysis, and evaluation, I'm thinking it is something more driven around key performance indicators (KPIs), service level agreements (SLAs), or something that would show stats about the effectiveness and relevancy where there was more of a system that gave analytics of some type. What are your thoughts?