Guest user Created: Jan 27, 2017 Last commented: Jan 27, 2017

Standards in ISO 27001 series

Just having a confusion please clear this: Deploying ISO 27001 will cover all Information Security, Network Security, Application Security , Management etc., OR a Separte ISO standard will be followed for each like ISO 27033 for Network Security, ISO 27034 for Application etc

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Jan 27, 2017

Answer: As you pointed, ISO 27001 has recommended control objectives and controls for all areas you mentioned, and in terms of an ISO certified management system it is enough to be in compliance with only ISO 27001. The other standards you mentioned provide additional information and details about how to implement controls described in ISO 27001 Annex A, but they are not required for certification. Think of them as useful tools to improve your controls.

These materials will also help you regarding general guidelines for ISO 27001 implementation:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secu re-simple-a-small-business-guide-toimplementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Jan 27, 2017

Expert Advice Community