Clause 9.1 - measurement in ISO 27001 toolkit
Answer:
In our documentation toolkit there are basically two levels of measuring: the first is on the level of the documents - in the last section of most of our documents, you'll find a sentence: "When evaluating the effectiveness and adequacy of this document, the following criteria need to be considered:..." and then a couple of items to be measured.
The second level is for the controls - in the Statement of Applicability you should set the objectives for each control, and then you can measure up to which level those objectives have been fulfilled.
These two levels are applicable for smaller and mid-size companies - of course, for larger companies you might develop more precise and more comprehensive systems like KPIs or Balanced Scorecards.
These materials will also help you:
- How to perform monitoring and measurement in ISO 27001 https://advisera.com/27001academy/blog/2015/06/08/how-to-perform-monitoring-and-measurement-in-iso-27001/
- ISO 27001 control objectives – Why are they important? https://advisera.com/27001academy/blog/2012/04/10/iso-27001-control-objectives-why-are-they-important/
- ISO 27001 and ISO 27004: How to measure the effectiveness of information security? https://advisera.com/27001academy/webinar/iso-27001-iso-27004-measure-effectiveness-information-security-free-webinar/
- ISO 27001 Foundations Course: https://advisera.com/training/iso-27001-foundations-course/
Jan 15, 2016