ISO 27001 certification
Answer: The 2013 revision of ISO 27001 has 14 sections in Annex A with 114 controls (it used to be 11 sections with 133 controls in the 2005 revision) - see details here: https://blog.iso27001standard.com/2013/10/08/infogr***************************************************
Also, they tell me that they have only done an 'informal' risk assessment to determine their scope (and their scope does not have definite parameters at this point). Does a certification audit require documented evidence of a formal risk assessment as it pertains to Information Security to pass certification?
Answer: ISO 27001 requires you to document both the methodology for risk assessment, and the risk assessment results - if you didn't document these, you will fail the certification. Read also this article: List of mandatory documents required by ISO 27001 (2013 revision) https://blog.iso27001standard.com/2013/09/30/list-of-ma******************************************************
Jan 12, 2016