ISO 27001 for medium-sized companies
Guest user | Created: Oct 13, 2020 | Last commented: Oct 13, 2020

Isn't ISO 27001 a bit oversized for medium-sized companies with a company size of approx. 270 employees, especially if you are not in system-critical industries?

Expert
Rhand Leal Oct 13, 2020

Please note that ISO 27001 was designed to be applicable to organizations of any size and industry. In short, clauses 4 to 10 (the ones that are mandatory) require:

  • Definition of the ISMS scope considering relevant internal and external issues and expected results
  • Definition of roles and responsibilities regarding information security
  • Identification and treatment of relevant risks
  • Provision of resources
  • Proper operation of controls, and recording of evidence
  • Performance review
  • Treatment of non-conformities and continual improvement

As you can see, these activities should be performed by organizations of any size that are looking for excellence.

Regarding documents, ISO 27001 requires few documents in clauses 4 to 10, and most of the controls from Annex A do not require documentation such as policies or procedures (although for implemented controls you have to produce records, such as logs, reports, etc.).

What normally varies is that, according to the organization's willingness to take risks, the number of applicable controls will be greater or smaller than in other similar organizations, and this will affect the provision of resources.

Most of our clients are companies smaller than 200 employees, and they do not have much trouble implementing this standard.

These articles will provide you with a further explanation about ISO 27001:

These materials will also help you regarding ISO 27001:
