Guest
ISO 27001 Standard reference in controls implementation
If my Organization is not planning to be certified by ISO 27001:2013 standard on an immediate basis, but still we want to use ISO 27001 standard document as a reference in our Information Security Policy and all other supporting policies e.g, password policy, Acceptable Usage Policy, Encryption Policy, Remote Access Policy, Malware Protection Policy,. Can we write ISO 27001 document as a reference in those policy documents? If yes, any other precaution need to be taken care apart from Organization has to buy a licensed version of ISO 27001:2013 document on its own name from ISO website and actually implementing controls mentioned in the ISO 27001 document? If no, please explain why. Your valuable inputs would be appreciated.
Assign topic to the user
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
Expert
Rhand Leal
Dec 05, 2017
Answer: You can write ISO 27001 as reference for your documents without the need to get certified. Regarding the standard itself, you indeed need to have a licensed version available, so you can show proper evidence you had proper access to the standard content.
Comment as guest or Sign in
Dec 05, 2017
Dec 05, 2017
Dec 05, 2017