Guest
Getting certification after risk assessment
I researched ISO 27001 and it is the latest in the market. Could you help me by explaining a bit about how we actually get the certification after the risk assessment? Like how do we approach and plan it? I will be very thankful to you.
Expert
Rhand Leal
Jun 09, 2020
Generally speaking, after risk assessment you need to:
- define risk treatment
- elaborate and approve the statement of applicability
- develop and implement the risk treatment plan
- operate and monitor controls (implementing corrections and improvements as necessary)
- perform internal audit
- perform management review
- implement management review decisions (including the implementation of corrections and improvements as necessary)
These articles will provide you with further explanation of ISO 27001 implementation:
- ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
These materials will also help you with ISO 27001 implementation:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
- Project checklist for ISO 27001 implementation (MS Word) https://info.advisera.com/27001academy/free-download/project-checklist-for-iso-27001-implementation