Controls measurement
The concept of measurement is also best explained through this PDCA cycle:
In the Plan phase you need to set the objectives (ISO 27001 4.2.1 b 1) and 4.2.1 g),
In the Do phase you must figure out how to measure up to which point your objectives are achieved (ISO 27001 4.2.2 d),
In the Check phase you need to start actual measurement (ISO 27001 4.2.3 c), and finally
In the Act phase, once you realize you haven't achieved your objectives (which is very often the case), you need to make certain improvements (ISO 27001 4.2.4 d).
However, I was unable to find the sections in the actual ISO 27001 standard which you mentioned as:
4.2.1 b 1) and 4.2.1 g)
4.2.2 d
4.2.3 c
4.2.4 d
Answer:
First of all, sorry for this inconvenience. This article was written considering the 2005 version of ISO 27001. For the 2013 version you must consider these clauses:
ISO 27001:2005 4.2.1 b 1) is now ISO 27001:2013 5.2 Policy
ISO 27001:2005 4.2.1 g) is now ISO 27001:2013 6.1.3 Information security risk treatment
ISO 27001:2005 4.2.2 d is now ISO 27001:2013 9.1 Monitoring, measurement, analysis and evaluation
ISO 27001:2005 4.2.3 c is now ISO 27001:2013 9.1 Monitoring, measurement, analysis and evaluation
ISO 27001:2005 4.2.4 d is now ISO 27001:2013 10.1 Nonconformity and corrective action and 10.2 Continual improvement
Dec 14, 2018