Section 9.1 - Monitoring, Measurement, Analysis and Evaluation
ISO 27001 does not require you to have a separate document for measurement - what is important is to define the objectives and the responsibilities for who is going to measure whether these objectives are fulfilled.
Objectives are documented here:
General ISMS objectives - in the Information Security Policy
Specific control objectives - in the Statement of Applicability
Responsibilities for measurement are documented in the Information Security Policy (section 4.1).
These materials will also help you:
article ISO 27001 control objectives - Why are they important? https://advisera.com/27001academy/blog/2012/04/10/iso-27001-control-objectives-why-are-they-important/
webinar ISO 27001 and ISO 27004: How to measure the effectiveness of information security? https://advisera.com/27001academy/webinar/iso-27001-iso-27004-measure-effectiveness-information-security-free-webinar/
Jan 12, 2016