ISO 27001 Conformio questions

Guest user. Created: Jul 14, 2022. Last commented: Jul 14, 2022

1. In case we have to abide by requirements in several states because we are doing business with both, how should we handle these requirements in the context of ISO 27001 implementation?

2. In case we have defined a security objective and we fail it (i.e., our target was to decrease the number of incidents, and we see that they have risen), will this hamper my possibility of obtaining the certification?

3. How do we select a certification body?

Expert
Rhand Leal Jul 14, 2022

1. In case we have to abide by requirements in several states because we are doing business with both, how should we handle these requirements in the context of ISO 27001 implementation?

First, these requirements must be included in the Register of Requirements module. After you include these requirements in this module, related controls will be identified as applicable in the Statement of Applicability module, and the responsible person for the requirement can define and upload the related implementation plan.

2. In case we have defined a security objective and we fail it (i.e., our target was to decrease the number of incidents, and we see that they have risen), will this hamper my possibility of obtaining the certification?

In case you evaluate that you have not achieved a security objective, this situation will affect your certification process only if any decision regarding how to handle this situation is not made, or if actions related to such decision are not implemented or do not have the expected results.

For further information, see:

  • Which questions will the ISO 27001 certification auditor ask? https://advisera.com/27001academy/blog/2015/07/20/which-questions-will-the-iso-27001-certification-auditor-ask/

3. How do we select a certification body?

Elements you should consider when selecting a certification body are at least these ones:

  • Reputation.
  • Accreditation.
  • Specialization in your industry.
  • Experience.
  • Integrated audit.
  • Flexibility.
  • Required maturity for certification.
  • Language.

For further information, see:

  • How to choose a certification body https://advisera.com/blog/2021/01/11/how-to-choose-an-iso-certification-body/