Expert Advice Community

To be compliant, what is the minimum to be done?

Guest user. Created: Jun 30, 2016. Last commented: Jun 30, 2016

As the first step, we want to be an ISO 27001 compliant organization, and then later get a certification. To be "compliant", what is the minimum that we will need to do?

Expert
Dejan Kosutic Jun 30, 2016

Answer:

Basically, there is no difference between "being compliant with the standard" and "being ready for the certification" - so the point is you have to implement:
1) all the mandatory documents
2) all the non-mandatory documents you consider necessary for your company
3) make sure all of your employees comply with all this documentation

In our ISO 27001 Documentation Toolkit you'll find a document called "List of documents" which specifies all the documents that are mandatory, and all the documents that are optional. When you follow the steps in the toolkit, you will be able to conclude which non-mandatory documents will be necessary for you.

It is also advisable to go through this free online course because it will explain to you how the whole standard works: ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
