Maintenance of the ISMS
I am in a relatively small (around 80 people) software company that already has the 27001 certification and am in a brand new position as Process Innovation Analyst where I have to make sure the certification is updated, improved, etc.
If you have any suggestions as to how to go about properly maintaining the certification, I would really appreciate it.
Answer:
It is very important for us to know that our documentation can help you; we appreciate your feedback. One question: have you made the update to the new ISO 27001:2013? It is very important. Regarding the maintenance, the important things are to perform each year the internal audit, management support, measure with your defined indicators, perform tests of the business continuity plan, perform meetings to deal with questions related to the ISMS, review the information security policy, define new information security objectives, perform the risk assessment & treatment, etc.
For more information about the maintenance of the ISMS, please read this article, "How to maintain the ISMS after the certification": https://advisera.com/27001academy/blog/2014/07/14/how-to-maintain-the-isms-after-the-certification/
Jan 12, 2016