I am working on the ISM Policy and would like to know which other objectives we can put which are measurable besides the generic ones?
Expert
Rhand Leal
Jan 24, 2023
ISO 27001 does not prescribe which objectives to define, so you can use objectives related to your business strategy, to specific customers and regulators you must comply with. Additionally, you can also use more specific objectives related to security controls, security processes, etc.
Some specific examples are:
- win a new customer in 6 months
- increase market share by 3% in 12 months
For further information, see:
- ISO 27001 control objectives – Why are they important? https://advisera.com/27001academy/blog/2012/04/10/iso-27001-control-objectives-why-are-they-important/