Guest user Created: Jan 12, 2016 Last commented: Jan 12, 2016

Section 9.1 - Monitoring, Measurement, Analysis and Evaluation

Im working on designing a way to monitor and measure the performance of our ISO 27001 and was unable to find any templates in the toolkit. Is this incorporated in another document, or should a separate document required?

0 0

Assign topic to the user

Select user

Guest

DejanK Jan 12, 2016

ISO 27001 does not require you to have a separate document for measurement - what is important is to define the objectives and responsibilities who is going to measure whether these objectives are fulfilled.

Objectives are documented here:

General ISMS objectives - in the Information Security Policy
Specific control objectives - in the Statement of Applicability

Responsibilities for measurement are documented in Information Security Policy (section 4.1).

These materials will also help you:

article ISO 27001 control objectives Why are they important? https://advisera.com/27001academy/blog/2012/04/10/iso-27001-control-objectives-why-are-they-important/
webinar ISO 27001 and ISO 27004: How to measure t he effectiveness of information security? https://advisera.com/27001academy/webinar/iso-27001-iso-27004-measure-effectiveness-information-security-free-webinar/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Jan 12, 2016

Expert Advice Community