
How will we evaluate the deliverables of the consultant?

Guest user Created:   Jan 12, 2016 Last commented:   Jan 12, 2016

My organization is currently in the process of selecting a consultant for developing the following: BIA, RA, BC strategy, and BCP. Implementation, training and testing will be done by ourselves.
DejanK Jan 12, 2016

I have been asked by the top management how we will evaluate the deliverables of the consultant. My answer to them was that the consultant will be applying an international standard, but I think this is not sufficient. I am wondering if there is a way other than real testing (since testing will not be carried out by the consultant) to evaluate the BIA, the RA or the BCP developed by the consultant, especially since I will have to sign after each phase that the consultant's deliverables are acceptable.

To summarize: how can I evaluate the consultant's work regarding BIA, RA, BCP and strategy without real testing of the plan? In other words, is there a clear KPI to mention in the SLA?

Answer: This is a tough question. Frankly, I'm not aware of any KPIs with which you would be able to measure the quality of the consultant's work. If you were going for the certification, this would be one way to verify whether what he has done was satisfactory.

But, to ensure that the consultant does a good job, you can do this:
1) When selecting a consultant, use this List of questions to ask your ISO 27001/ISO 22301 consultant - you can download it here: https://info.advisera.com/27001academy/free-download/list-of-questions-to-ask-an-iso-27001-iso-22301-consultant/
2) In the agreement, write that you have to approve every document before you pay him.
3) If you won't go for the certification, hire someone to review all the documents the consultant has written.

However, the alternative could be that you implement BIA, RA, BC strategy, and BCP yourself, since the implementation, training and testing will be done by yourselves anyway. You can get all the know-how here: https://www.iso27001standard.com/en/se*************************************
