Relation of ISMS with CMM level
You have been answering my queries successfully for so many years. So, I have one more question.
What is the difference in ISO 27001:2013 implementation for an organization that is operating at CMM level 3, level 4 and level 5?
Is my question relevant? I believe the difference would be in managing risks.
The main difference for ISO 27001:2013 implementation is that the higher the CMM level, the less effort you will need to implement the standard.
This is so because ISO 27001, besides defined processes (related to CMM level 3), also requires the definition of measurable objectives (related to CMM level 4), and continual improvement (related to CMM level 5).
Risk management is only one of the processes required by ISO 27001, and examples of other processes you need to consider are document management and internal audit.
This article will provide you with further explanation about ISO 27001 and maturity models:
- Achieving continual improvement through the use of maturity models https://advisera.com/27001academy/blog/2015/04/13/achieving-continual-improvement-through-the-use-of-maturity-models/
This material will also help you regarding ISO 27001:
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Dear Dejan,
Thank you for your response.
Your knowledge sharing has boosted my confidence in this standard.
May 29, 2021