Expert Advice Community

ISMS measurement

Guest user Created:   Jul 09, 2019 Last commented:   Jul 09, 2019

I have a new job as Information Security Officer in a startup company in XXXXX. They have been preparing for ISO 27001 certification since last year. Last month we had the Stage 1 audit, but with one major nonconformity and other minor ones. The major one is related to the measurement of the ISMS. Can you guide me on how to do it?

Expert
Rhand Leal Jul 09, 2019

Answer:

Without more details about the nonconformity, what I can suggest is to check which objectives were defined for the ISMS (see clause 6.2) and how you can ensure they are being achieved (see clause 9.1):
- Which monitoring methods were defined?
- When must monitoring be performed?
- Who must perform the monitoring?
- When must the results of monitoring be analyzed and evaluated?
- Who must analyze the results of monitoring and evaluation?

These articles will provide you with further explanation about measurement:
- ISO 27001 control objectives – Why are they important? https://advisera.com/27001academy/blog/2012/04/10/iso-27001-control-objectives-why-are-they-important/
- How to perform monitoring and measurement in ISO 27001 https://advisera.com/27001academy/blog/2015/06/08/how-to-perform-monitoring-and-measurement-in-iso-27001/
