Guest
Information security in project management
What is some of the evidence you can show to demonstrate the practice of information security in project management?
Expert
Rhand Leal
Jul 06, 2020
In short, you can think about the inclusion of information security in project management as if you are going to implement a small ISMS that will fit the project's needs and be proportional to the project's lifetime and budget.
Considering that, this is some of the evidence you should consider:
- definition of information security objectives and their inclusion in the project objectives, the same way you define information security objectives for an ISMS aligned with the organization's objectives; the only difference is that these objectives are restricted to the scope of the project.
- initial and regular information risk assessment in the project and identification of applicable legal requirements, as you would do with other business processes, to identify necessary controls (the controls you mentioned should be based on this step).
- evidence related to the implemented controls (e.g., backup media, if the control A.12.3.1 Information backup is implemented).
This article will provide you with a further explanation of information security in project management:
- How to manage security in project management according to ISO 27001 A.6.1.5 https://advisera.com/27001academy/what-is-iso-27001/