Guest
The best KPIs for monitoring metrics
What KPIs will be the best to choose for monitoring metrics?
Expert
Rhand Leal
Mar 04, 2021
ISO 27001 does not prescribe which performance indicators should be adopted by organizations, so there is no such thing as best KPIs, and organizations must define them according to their own needs and objectives. Some common issues organizations should take into account when defining KPIs are:
- Business relevant: indicator aligned to clear business objectives or legal requirements.
- Process integrated: a KPI should add the least amount of work possible into business processes.
- Assertive: the indicator should be capable of pinpointing relevant issues that need attention.
As general examples we have:
- Percent of business initiatives supported by the ISMS
- Number of security-related service downtimes
- Percent of controls assessment performed
- Number of improvement initiatives
These articles will provide you with further explanation about performance indicators and security objectives:
- Key performance indicators for an ISO 27001 ISMS https://advisera.com/27001academy/blog/2016/02/01/key-performance-indicators-for-an-iso-27001-isms/
- ISO 27001 control objectives – Why are they important? https://advisera.com/27001academy/blog/2012/04/10/iso-27001-control-objectives-why-are-they-important/