Expert Advice Community

Relation of ISMS with CMM level

Guest user Created:   May 28, 2021 Last commented:   May 29, 2021

You have been answering my queries successfully for so many years. So, I have one more question.

What is the difference in ISO 27001:2013 implementation for an organization that is operating at CMM level 3, level 4 and level 5?

Is my question relevant? I believe the difference would be in managing risks.

Expert
Rhand Leal May 28, 2021

The main difference for ISO 27001:2013 implementation is that the higher the CMM level, the less effort you will need to implement the standard.

This is so because ISO 27001, besides defined processes (related to CMM level 3), also requires the definition of measurable objectives (related to CMM level 4), and continual improvement (related to CMM level 5).

Risk management is only one of the processes required by ISO 27001, and examples of other processes you need to consider are document management and internal audit.

This article will provide you with a further explanation about ISO 27001 and maturity models:

This material will also help you regarding ISO 27001:

Guest
Vineet Sasurkar May 29, 2021

Dear Dejan,

Thank you for your response.

Your knowledge sharing has boosted my confidence in this standard.
