Process approach in ISO 27001:2013
Answer: The ISO 27001:2013 revision is still based on the process approach, even though it is not emphasized in the standard itself. However, the process approach should not be confused with the ISMS scope: the process approach means that, in order to increase security, you have to implement security activities in your IT and business processes.
Setting the scope in the new ISO 27001:2013 is the same as in the 2005 revision. You can set the ISMS scope for your whole organization or for only a part of it, such as one department, one location, or one process. However, I wouldn't recommend setting the scope for only one process, because this is extremely difficult to achieve.
As long as a standard demands the establishment and maintenance of a system of interrelated processes, their implementation, their control based on measurable results, and continual improvement, it is based on the process approach, in my opinion. Also, the process approach should prove to be an enabler for achieving business objectives, including customer satisfaction/delight.
Jan 12, 2016