Indicators and ISO 27001
Answer:
First of all, ISO 27001:2013 does not require the use of indicators; it only requires you to set objectives and how to measure them, including who will report and evaluate the results, and when. This article can help you: “How to perform monitoring and measurement in ISO 27001”: https://advisera.com/27001academy/blog/2015/06/08/how-to-perform-monitoring-and-measurement-in-iso-27001/
By the way, it is important to differentiate between measurement and risk assessment, because they are completely different things. This article can give you more information about risk assessment: “ISO 27001 risk assessment & treatment - 6 basic steps”: https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
Regarding the assessment to obtain a diagnostic, I am not sure if I have understood your question, but usually the internal audit is performed to evaluate the implemented ISMS, and you can also use it as a diagnostic. If you want to perform an internal audit, this article may be of interest to you: “How to make an Internal Audit checklist for ISO 27001 / ISO 22301”: https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/
Finally, our online course may also be of interest to you, because we give more information about the measurement of an ISMS: “ISO 27001:2013 Foundations Course”: https://advisera.com/training/iso-27001-foundations-course/
Jul 07, 2016