Expert Advice Community

ISO 27001 implementation issues

Guest user Created:   Oct 27, 2018 Last commented:   Oct 27, 2018

1) What are the main KPIs to measure the effectiveness and efficiency of the implementation of ISO 27001?
Expert
Rhand Leal Oct 27, 2018

Answer: Some interesting KPIs for ISO 27001 are:
- Percent of business initiatives supported by the ISMS
- Incident resolution time
- Percent of controls assessment performed
- Number of improvement initiatives

This article will provide you with more information regarding ISO 27001 KPIs:
- Key performance indicators for an ISO 27001 ISMS https://advisera.com/27001academy/blog/2016/02/01/key-performance-indicators-for-an-iso-27001-isms/

2) What are the main structural causes of non-compliance during audits for ISO 27001?

Answer: Generally, nonconformities are related to mandatory requirements of the standard not being fulfilled, people not knowing something (either because they are not aware of the issue or because they do not know how to do it), and the lack of evidence that an action was performed or a result was achieved.

This article will provide you with more information regarding nonconformities:
- Major vs. minor nonconformities in the certification audit https://advisera.com/27001academy/blog/2014/06/02/major-vs-minor-nonconformities-in-the-certification-audit/

3) Among the mandated documented information, which documents really allow you to demonstrate full awareness of the importance of adopting ISO 27001 best practices?

Answer: The main documents that give awareness of the importance of adopting ISO 27001 best practices are the Information security policy and objectives (covering clauses 5.2 and 6.2) and the Records of training, skills, experience and qualifications (covering clause 7.2).

These articles will provide you with further explanation:
- What should you write in your Information Security Policy according to ISO 27001? https://advisera.com/27001academy/blog/2016/05/30/what-should-you-write-in-your-information-security-policy-according-to-iso-27001/
- 8 Security Practices to Use in Your Employee Training and Awareness Program https://advisera.com/27001academy/blog/2015/03/02/8-security-practices-to-use-in-your-employee-training-and-awareness-program/
