Expert Advice Community

Holistic approach

Guest user Created:   Oct 22, 2018 Last commented:   Oct 22, 2018

I'm trying to understand why all these mandatory documents would result in a holistic approach to security and confidence in how things relate to one another? I feel like there should be more... how should I look at this?

Expert
Rhand Leal Oct 22, 2018

Answer:

The whole set of ISO 27001 mandatory documents ensures that an organization plans (e.g., defines an information security policy), performs actions (e.g., performing the risk assessment and risk treatment plan, and operating security controls), controls results (e.g., through performance measurements, internal audits, and management reviews), and improves information security (e.g., by treating nonconformities and opportunities for improvement).

If you consider only part of the documentation, some steps of information security management can be forgotten and the security will fail to achieve the expected results.
These articles will provide you further explanation about ISO 27001 approach:
- What is ISO 27001 https://advisera.com/27001academy/what-is-iso-27001/
- Has the PDCA Cycle been removed from the new ISO standards? https://advisera.com/27001academy/blog/2014/04/13/has-the-pdca-cycle-been-removed-from-the-new-iso-standards/
