Standards applicability
Answer: ISO management standards (like ISO 27001 / BS EN ISO 9001) were designed to be implemented in organizations of any industry or size, so they would work the same way for any of them:
1 - Identification of business context and requirements
2 - Development and implementation of documents and records required by the standard
3 - Development and implementation of documents and records required by business operations
4 - Process performance measurement, monitoring and review
5 - Implementation of corrective actions and opportunities of improvement
The difference would be in the number and complexity of the developed documentation, and the required resources.
These articles will provide you further explanation about ISO 27001:
- What is ISO 27001 https://advisera.com/27001academy/what-is-iso-27001/
- ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
2 - Can this apply and is it useful/necessary in this case or is there any equivalent?
Answer: As mentioned in answer 1, these standards can be applied in your case, and can be useful in at least four ways:
- to decrease costs related to information security incidents
- to provide a competitive edge in your market
- to help organize operations
- to help ensure compliance with legal requirements you must fulfil
Regarding necessity, you should consider your customers and legal requirements you must comply with.
This article will provide you further explanation about ISO 27001 benefits:
- Four key benefits of ISO 27001 implementation https://advisera.com/27001academy/knowledgebase/four-key-benefits-of-iso-27001-implementation/
3 - Also, what is the average cost for an "extra" small company (web-based dev, 1 employee)?
Answer: There are a significant number of variables to be considered when estimating an implementation cost, even for such a small organization, so without more detailed information it's not possible to give a precise value. What I can tell you are some cost issues you should consider:
- Training and literature
- External assistance
- Technologies to be updated / implemented
- Employee's effort and time
- The certification process
Regarding costs, I suggest these articles:
- How much does ISO 27001 implementation cost? https://advisera.com/27001academy/blog/2011/02/08/how-much-does-iso-27001-implementation-cost/
- 5 ways to avoid overhead with ISO 27001 (and keep the costs down) https://advisera.com/27001academy/blog/2012/06/19/5-ways-to-avoid-overhead-with-iso-27001-and-keep-the-costs-down/
- How to Budget an ISO 27001 Implementation Project https://info.advisera.com/27001academy/free-download/how-to-budget-an-iso-27001-implementation-project
May 26, 2018