Guest
ISMS metrics, from Product development perspective
Can you provide guidance or recommendations on how to develop ISMS metrics from a product development perspective?
Expert
Rhand Leal
Feb 10, 2022
Regardless of the perspective, the development of metrics follows some general rules:
- Business relevant: the indicator should be aligned to clear business objectives or legal requirements.
- Process integrated: activities to collect the necessary data for a KPI should add the least amount of work possible.
- Assertive: the indicator should be capable of pinpointing relevant issues (e.g., process steps, organizational areas, resources, etc.) that need attention.
Considering Product development, some examples are:
- Percent of products of the portfolio supported by the ISMS
- Number of product development incidents related to information compromise
- Incident resolution time
- Percent of controls assessment performed
- Number of improvement initiatives
For further information, see:
- Key performance indicators for an ISO 27001 ISMS https://advisera.com/27001academy/blog/2016/02/01/key-performance-indicators-for-an-iso-27001-isms/