Comply with clause 9.1
Answer:
To comply with clause 9.1, basically you need to perform monitoring, measurement, analysis and evaluation of your ISMS. How can you do this? One way is using metrics. An example:
If an objective is to reduce backup failures (10%), you can perform periodic measurements (for example, each week) with this formula: Failed backups / Total backups. Then you can see how the measurements evolve over time.
Another example can be to reduce the number of unauthorized accesses to a critical server (15%), so you can use this formula: Unauthorized accesses / Total accesses, and see the evolution by performing periodic measurements.
This article can help you: “How to perform monitoring and measurement in ISO 27001”: https://advisera.com/27001academy/blog/2015/06/08/how-to-perform-monitoring-and-measurement-in-iso-27001/
And also this free webinar: “ISO 27001 and ISO 27004: How to measure the effectiveness of information security?”: https://advisera.com/27001academy/webinar/iso-27001iso-22301-the-certification-process-free-webinar/
Finally, these materials will help you learn more about how to measure your ISMS:
- free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
- book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
Sep 15, 2016
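The periodic measurement the answer describes, as an added example that is not part of the original post: constructed backup-job log lines are grouped by ISO week, the ratio Failed backups / Total backups is computed per week, and the series is checked against the "reduce by 10%" objective. The objective is assumed to mean a relative reduction against the first (baseline) week; the same function also serves the unauthorized-access metric by passing a different status word.

```python
from collections import defaultdict
from datetime import date

# Constructed sample log lines (not from the original post): one backup job
# per line, "YYYY-MM-DD host status".
BACKUP_LOG = """\
2016-07-25 db01 OK
2016-07-26 db01 FAILED
2016-07-27 web01 OK
2016-07-28 web01 FAILED
2016-08-01 db01 OK
2016-08-02 db01 OK
2016-08-03 web01 FAILED
2016-08-04 web01 OK
2016-08-08 db01 OK
2016-08-09 db01 OK
2016-08-10 web01 OK
2016-08-11 web01 OK
"""


def weekly_ratios(log, failure_status):
    """Return [(iso_week, failures / total)] in chronological order.

    Implements the post's formula 'Failed backups / Total backups' for each
    measurement period; 'Unauthorized accesses / Total accesses' works the
    same way with an access log and failure_status="UNAUTHORIZED".
    """
    totals, failures = defaultdict(int), defaultdict(int)
    for line in log.splitlines():
        day, _host, status = line.split()
        year, week, _weekday = date.fromisoformat(day).isocalendar()
        key = f"{year}-W{week:02d}"
        totals[key] += 1
        if status == failure_status:
            failures[key] += 1
    return [(k, failures[k] / totals[k]) for k in sorted(totals)]


def objective_met(series, reduction):
    """True if the latest ratio is at least `reduction` (e.g. 0.10 for the
    post's 10% objective) below the baseline ratio of the first period.
    Assumption: the objective is a relative reduction against the baseline."""
    baseline, latest = series[0][1], series[-1][1]
    return latest <= baseline * (1 - reduction)


if __name__ == "__main__":
    series = weekly_ratios(BACKUP_LOG, "FAILED")
    for week, ratio in series:
        print(f"{week}: {ratio:.0%} of backups failed")
    print("objective met:", objective_met(series, 0.10))
```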