Expert Advice Community

Guest

ISMS measurement

  Quote
Guest
Guest user Created:   Jul 09, 2019 Last commented:   Jul 09, 2019

ISMS measurement

I have a new job as Information Security Officer in a startup company in XXXXX. They are preparing for ISO 27001 certification since last year. Last month, we had Audit stage 1 but with one major con conformity and others minors ones. The major one is related with the measure of ISMS. Can you guide me how to do it?
0 0

Assign topic to the user

ISO 27001 FOUNDATIONS COURSE

Everything you need to know about ISO 27001.

ISO 27001 FOUNDATIONS COURSE

Everything you need to know about ISO 27001.

Expert
Rhand Leal Jul 09, 2019

Answer:

Without more details about the nonconformity, what I can suggest you is to check which objectives were defined for the ISMS (see clause 6.2) and how you can ensure if they are being achieved (see clause 9.1):
- Which monitoring methods were defined?
- When monitoring must be performed?
- Who must perform the monitoring?
- When the results of monitoring must be analyzed and evaluated?
- Who must analyze the results of monitoring and evaluation?

These articles will provide you further explanation about measurement:
- ISO 27001 control objectives – Why are they important? https://advisera.com/27001academy/blog/2012/04/10/iso-27001-control-objectives-why-are-they-important/
- How to perform monitoring and measurement in ISO 27001 https://advisera.com/27001academy/blog/2015/06/08/how-to-perform-monitoring-and-measurement-in-iso-27001/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jul 09, 2019

Jul 09, 2019

Suggested Topics