Expert Advice Community

Guest

ISO 27001 certification

  Quote
Guest
Guest user Created:   Jun 11, 2018 Last commented:   Jun 11, 2018

ISO 27001 certification

1 - What would be the procedure to get ISO certified on a WordPress website?
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Jun 11, 2018

Answer: ISO 27001 can't certify a website. The ISO 27001 certification is applicable to processes, locations or information related to the website. For example:
- The development and maintenance processes related to the website
- The physical location from where website is accessed
- The information published on the website

Considering that, broadly speaking, an organization has to:
- Define and document a scope based on the needs and expectations of interested parties relevant to information security
- Define, document and communicate an information security policy
- Define roles and responsibilities relevant to operation and management of information security
- Define a risk assessment and treatment methodology
- Define and allocate competencies and resources for the operation and management of information security
- Implement risk assessment and risk treatment
- Operate the security controls and generate the necessary records
- Measure, monitor and evaluate th e information security performance
- Implement corrections and improvements

To increase chances of success, it is important that persons involved have experience in project management and knowledge of the standard.

These articles will provide you further explanation about ISO 27001:
- ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
- Who should be your project manager for ISO 27001/ISO 22301? https://advisera.com/27001academy/blog/2014/12/01/who-should-be-your-project-manager-for-iso-27001-iso-22301/

2 - What kind of standard procedures we have to follow. Please let me know.

Answer: ISO 27001 has a set of documents and records that you need to produce if you want to be compliant with the standard such as:
- Scope of the ISMS (clause 4.3)
- Information security policy and objectives (clauses 5.2 and 6.2)
- Risk assessment and risk treatment methodology (clause 6.1.2)

For a complete list, please access this article: List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/

These materials will also help you regarding ISO 27001 certification:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://training.advisera.com/course/iso-27001-foundations-course/
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jun 11, 2018

Jun 11, 2018

Suggested Topics