Adapting processes to implement ISO 27001
How can we adapt our processes to implement ISO 27001?
The adequacy of the processes will depend on the security controls identified by the company as necessary, based on the risk assessment results and the identification of applicable legal requirements (e.g., laws, regulations, or contracts).
For example, if the results of the risk assessment indicate the need for backup copies, the organization's processes must be adjusted to consider the time required to carry out the backup copies, as well as the places where these copies will be stored.
Another example would involve the need to manipulate information according to its classification. Certain processes must be suitable so that no information is left apparent if the user is not in their work area.
For further information, see:
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
Mar 03, 2023