Expert Advice Community

Copy of the ISO 27001 and issues

Guest user | Created: Jan 12, 2016 | Last commented: Jan 12, 2016

AntonioS Jan 12, 2016

1. For the ISO 27001:2013 standard, shall our company buy a copy for each member of staff? Or just buy some copies for upper management and internal auditors?

2. What are "issues" in ISO 27001:2013? Are they similar to preventive action in 2005? From my understanding, in 2005 preventive action meant non-severe issues, but managers/staff still needed to follow up to prevent them from happening again in the future.

 

Answer:

Point 1: I think that only two persons in your company (the project manager for ISO 27001 and the internal auditor) need to read the standard, so 2 copies of the standard are enough. The important thing here is that the staff need to be aware of information security, and this can be achieved with training performed by a professional in information security. In our section of free downloads https://advisera.com/27001academy/free-downloads/ you can find resources that can help you to do this, for example “Why ISO 27001 – Awareness presentation”.

Point 2: They are different things. Issues are related to the context of the organization and the definition of the scope, while preventive actions are not explicitly present in ISO 27001:2013, but you can see risk management as a global preventive action. About the issues and the context of the organization, you can read this “Explanation of ISO 27001:2013 clause 4.1 (Understanding the organization)”: https://advisera.com/27001academy/knowledgebase/how-to-define-context-of-the-organization-according-to-iso-27001/, and regarding changes in risk management you can read this “What has changed in risk assessment in ISO 27001:2013”: https://advisera.com/27001academy/knowledgebase/what-has-changed-in-risk-assessment-in-iso-270012013/

Finally, this article about how to make a transition from ISO 27001:2005 to ISO 27001:2013 may be interesting for you, “How to make a transition from ISO 27001 2005 revision to 2013 revision”: https://advisera.com/27001academy/knowledgebase/how-to-make-a-transition-from-iso-27001-2005-revision-to-2013-revision/
