Guest
ISMS metrics related to Scope
Dears, please, the scope of our Certification is purerly focused to Product development data security. Have you got any tip or examples of PD relevant ISMS metric/s? Of course without specific data, like names or values. Just to have as inspiration for us. Thank you in advance...
Assign topic to the user
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
Expert
Rhand Leal
Feb 10, 2022
Regardless of the perspective, the development of metrics follows some general rules:
- Business relevant: the indicator should be aligned to clear business objectives or legal requirements.
- Process integrated: activities to collect the necessary data for a KPI should add the least amount of work possible.
- Assertive: the indicator should be capable of pinpointing relevant issues (e.g., process steps, organizational areas, resources, etc.) that need attention.
Considering Product development, some examples are:
- Percent of products of the portfolio supported by the ISMS
- Number of product development incidents related to information compromise
- Incident resolution time
- Percent of controls assessment performed
- Number of improvement initiatives
For further information, see:
- Key performance indicators for an ISO 27001 ISMS https://advisera.com/27001academy/blog/2016/02/01/key-performance-indicators-for-an-iso-27001-isms/
Comment as guest or Sign in
Feb 10, 2022
Feb 10, 2022
Feb 10, 2022