How to get ISO 27001 certification if I have SOC 2 certification already?
My company has achieved the SOC 2 certification, but I want to know how I can use this to achieve ISO 27001.
An organization being SOC 2 certified means it is compliant with the Trust Services Criteria (TSC), which have a high level of alignment with ISO 27001.
Considering that, most of the work to achieve ISO 27001 certification will be related to identifying and documenting the evidence required by the standard.
For example, for ISO 27001 the risk assessment and risk treatment approach must be documented, and this is not mandatory for TSC.
These articles will provide you with further explanation about SOC 2 and ISO 27001:
- List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
- Comparison of SOC 2 and ISO 27001 certification https://advisera.com/27001academy/blog/21/02/02/iso-27001-vs-soc-2/
These materials will also help you regarding ISO 27001:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
May 06, 2021