Expert Advice Community

IT controls in non-IT departments

Guest user Created: Feb 01, 2016 Last commented: Feb 01, 2016

We are implementing ISO 27001 in our department, which is separate from HR, Procurement, and even the IT department. How can we apply so many IT-related things in our department? Plus, we are working with contractors, and those contractors are using subcontractors for our work. How can we apply a risk assessment and treatment plan to them?

Expert
Dejan Kosutic Feb 01, 2016

Answer:

ISO 27001 is not an IT standard: only about 50% of the controls are IT-related, which means that non-IT departments can implement many controls as well, e.g., classification of information, access control, physical security, etc. After you perform the risk assessment for your department, you will know exactly which controls to implement.

These articles will help you:
- Information security or IT security? https://advisera.com/27001academy/blog/2010/03/01/information-security-or-it-security/
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/

Regarding the risk assessment of contractors and subcontractors, first you have to assess which incidents can happen, and then require the contractors, through the contract, to resolve those risks. This article will give you the guidelines: 6-step process for handling supplier security according to ISO 27001 https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/

This free ISO 27001 Foundations Online Course will also help you: https://advisera.com/training/iso-27001-foundations-course/
