Expert Advice Community

Guest

Operational Security Objectives

  Quote
Guest
Guest user Created:   Jul 14, 2021 Last commented:   Jul 14, 2021

Operational Security Objectives

We are confused on this section, Decreasing or Increasing, what if we don't have any incidents for the year, we can't decrease it. We don't have ISO yet and haven't had issues with onboarding customers, would it help in increasing revenue?

0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Jul 14, 2021

I’m assuming you are referring to the Information Security Policy document.

Considering that, ISO 27001 is pretty flexible when it comes to defining your security objectives. In this case, when you didn’t have incidents in the year, you can set as an objective 0 incidents, or focus on other objectives.

This absence of incidents can in fact help to acquire new customers and increase revenue (potential customers will have more confidence to work with you), but please note that keep an objective of 0 incidents is a pretty hard one. 

Normally 3 to 4 objectives allow an ISMS to support properly the business, for example:

  • one operational objective: system uptime
  • one financial objective: increased revenue
  • one business objective: entering a new market
  • one compliance objective: fulfillment of GDPR

This article will provide you a further explanation about information security objectives:

In this free online training, you'll find detailed guidance on setting the objectives:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jul 14, 2021

Jul 14, 2021

Suggested Topics

Mayank Created:   Sep 27, 2021 ISO 27001 & 22301
Replies: 1
0 0

Security Objectives

Guest user Created:   Mar 15, 2021 ISO 27001 & 22301
Replies: 1
0 0

Risk Management and ISMS

Guest user Created:   Sep 24, 2020 ISO 27001 & 22301
Replies: 1
0 0

License management Auditing