Compliance questionnaire
I am doing an academic paper (article) on information security in which I have to prepare a questionnaire with the purpose of analyzing the adherence of the information security adopted in companies to ISO 27002.
Could you please give guidance on how to formulate this questionnaire?
Answer: Basically, you have to identify, for each control, what is required (generally an action followed by the word "should") and formulate a question based on it.
For example, for control 5.1.1 (Policies for information security), the requirement is:
"A set of policies for information security should be defined, approved by management, published and communicated to employees and relevant external parties."
So a proper question would be: "Are there policies for information security defined, approved by management, published and communicated to relevant parties?"
For reference, I suggest you take a look at our ISO 27001 Gap Analysis Tool at this link: https://advisera.com/27001academy/free-iso-27001-gap-analysis-tool/
Apr 26, 2018