ISO 27001 Certification
We're a SaaS company that needs to get ISO 27001 certified. We've previously been certified with FedRAMP and SOC 2, and our current documentation follows all NIST guidelines. How do we make the transition?
We are not experts in FedRAMP, SOC 2, and NIST, but this situation is more like an "adjustment" than a "transition", because the safeguards required/used by the frameworks you mentioned can be used for ISO 27001 implementation (some of them can be linked to controls from the standard's Annex A). Your main concern should be compliance with the main clauses of the standard.
These articles will provide you with further explanation about the implementation of ISO 27001 and the use of the NIST framework:
- What is ISO 27001 https://advisera.com/27001academy/what-is-iso-27001/
- ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
- How to use the NIST SP800 series of standards for ISO 27001 implementation https://advisera.com/27001academy/blog/2016/05/02/how-to-use-the-nist-sp800-series-of-standards-for-iso-27001-implementation/
- How to use NIST SP 800-53 for the implementation of ISO 27001 controls https://advisera.com/27001academy/blog/2016/05/10/how-to-use-nist-sp-800-53-for-the-implementation-of-iso-27001-controls/
These materials will also help you regarding ISO 27001 implementation:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Apr 24, 2020