Expert Advice Community


Queries related to old client

Guest user Created:   Feb 10, 2023 Last commented:   Feb 10, 2023


Just a quick question: We have some old customers, and at the time, we had not considered obtaining ISO 27001 certification. However, now that we have them, do we need to define the old customers in the risk and stakeholder options given that some policies and procedures aren't in place? So, could you provide us with some guidance on how to handle this situation?


ISO 27001 PROCEDURE FOR IDENTIFICATION OF REQUIREMENTS

Basics of identification of interested parties and their requirements.


Expert
Rhand Leal Feb 10, 2023

I’m assuming you want to know how to handle old customers considering ISO 27001 certification and policies and procedures not implemented yet.

Considering that, first it is important to note that you need to follow all ISO 27001 implementation steps: https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/

According to these steps, you need first to evaluate if these old customers have requirements (i.e., needs and expectations defined in contracts or agreements you have with them) that can impact or be impacted by the information you want to protect with your Information Security Management System (ISMS).

In case such requirements exist, then you need to consider them in your implementation, by identifying information security risks related to these requirements and, for those risks deemed as relevant, develop and/or adjust policies and procedures accordingly.

For example, if these customers have requirements for which compromise of availability of information protected by the ISMS can impact them, then you need to identify relevant related risks and develop or update a backup policy.

In case there are no relevant requirements, these customers do not need to be considered in the ISMS.

For further information, see:
