I have a question about one of the topics to be addressed during the ISO 27001 Management Review: the fulfillment of the security objectives. I have some challenges presenting this topic.
To fulfill this requirement I was thinking of addressing the ISO 27001 6.2 requirements (6.2.f what will be done, 6.2.g what resources will be required, 6.2.h who will be responsible, 6.2.i when it will be complete, 6.2.j how the results will be evaluated) through a table that would contain columns for these different topics:
Recommendation (from the risks assessment)
Risks (covered by the recommendation)
Roadmap Project (which contains all the details of the resources, the deadline, the responsible)
Related Security Objective
Related KPI with target
Progress Status of the project.
Is it something that you think can help address this?
Thanks for your valuable recommendations.
I have this example in my Information security policy, but I think this objective is not S.M.A.R.T. Please tell me, am I wrong?
"Define and establish the general guidelines of information security in the company, which will guide the personal and professional behavior of all employees and third parties who interact regularly or occasionally with the information and information assets associated with it in the development of their functions."
Thank you for your help.