Expert Advice Community

ISO 27001:2013 and KPIs

Guest user Created:   Jan 12, 2016 Last commented:   Jan 12, 2016

ISO 27001:2013 states that an organization shall use KPIs. Where in the toolkit can I find those KPIs?

DejanK Jan 12, 2016

Answer: ISO 27001:2013 does not require you to use KPIs (key performance indicators) - it does, however, require you to set the objectives, define how to measure them, define who will report on the results and when, and who will evaluate these results. And I agree with you that this is a very similar concept to KPIs.

In our Documentation Toolkit, these principles are outlined in the Information Security Policy, while the control objectives need to be defined through the Statement of Applicability. We didn't describe the objectives in detail because they will differ greatly from company to company; you can also use the suggested objectives that are stated in Annex A of ISO 27001.
