Expert Advice Community

Guest

Pen-test

  Quote
Guest
Guest user Created:   May 05, 2021 Last commented:   May 05, 2021

Pen-test

I have one question. Is a pen-test from a third party required for getting the ISO-certification?

0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal May 05, 2021

ISO 27001 does not prescribe a pen-test from a third party as a requirement for ISO 27001 certification.

Pen-tests, including those performed by third parties, are only required if there are relevant risks (i.e., risks evaluated as unacceptable according to your criteria), or legal requirements (e.g., laws, regulations, or contracts).

These articles will provide you a further explanation about selections of controls and pen tests:
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
- How to use penetration testing for ISO 27001 A.12.6.1 https://advisera.com/27001academy/blog/2016/01/18/how-to-use-penetration-testing-for-iso-27001-a-12-6-1/

These materials will also help you regarding controls selection:
- ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- ISO 27001 Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

May 05, 2021

May 05, 2021