Expert Advice Community

Controls required for ISO 27001 certification

Guest user Created:   Dec 02, 2017 Last commented:   Dec 02, 2017

Currently, elements of specific requirements for 27001 are missing (Asset Management/Active Directory/User Access/Screening of staff at recruitment stage/Procurement process which is currently being reorganised). I have advised that these elements need to be in place before we even consider ISO 27001 certification. Am I correct in saying this?
Expert
Rhand Leal Dec 02, 2017

Answer: According to ISO 27001, the elements you mentioned only need to be in place in the following situations:
- they are needed to treat unacceptable risks
- they are required by laws or contracts the organization must comply with
- they are demanded by top management for any other reason

If you cannot link these elements to any of these reasons, they are not required for ISO 27001 certification.

These articles will provide you with further explanation about ISO 27001 and mandatory documents:
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
- List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/

This article will provide you with further explanation about risk assessment and risk treatment:
- ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/

These materials will also help you regarding ISO 27001, mandatory documents and risk assessment and risk treatment:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
