Various questions about ISO 27002
Assign topic to the user
2. Do you provide a 27002 tool kit as well?
3. Only large companies need iso 27002. So does that mean with the 27001 toolkit they will not be able to obtain certification?
4. Why a small or medium company will not require to have controls/guidelines in place before certification, can you please explain?
Answers:
1.- You need to implement security controls to reduce risks identified during the risk management (the risk management is an important requisite in ISO 27001). For the implementation of these controls, you can use the Annex A of ISO 27001:2013, which gives you a brief description of each control. If you need more information about the implementation of each control, you can use ISO 27002, but it is not strictly necessary, because if you know how to implement security controls to reduce your risks, you do not need to have the ISO 27002. For example, you can find in the Annex A the control A.12.3.1 Information bac kup, but if you know how to perform backups, you do not need more information about the implementation of this control, so you do not need ISO 27002 for this.
2.- Not yet, I am sorry, but we are working on it.
3.- I am sorry but I do not agree with this point. Large companies can also implement and certify ISO 27001 with our toolkit, and they will need ISO 27002 for those controls where they need information about how to implement them.
4.- I am not sure if I have understood your question, but all companies are treated here in the same way, so all companies before the certification need to implement security controls to reduce risks identified during the risk assessment.
If you don’t know our toolkit, I recommend you to download it from here (please click on “DOWNLOAD FREE TOOLKIT DEMO”) “ISO 27001 Documentation Toolkit” : https://advisera.com/27001academy/iso-27001-documentation-toolkit/
And this article about differences about ISO 27001 and ISO 27002 can be useful for you “ISO 27001 vs. ISO 27002” : https://advisera.com/27001academy/knowledgebase/iso-27001-vs-iso-27002/
Finally, our online course can be interesting for you “ISO 27001:2013 Foundations Course” : https://advisera.com/training/iso-27001-foundations-course/
Comment as guest or Sign in
Feb 11, 2016