The Statement of Applicability (SoA) is one of the key documents that you will need to produce for your ISO 27001 information security management system (ISMS).
It is important to ensure that any corporate risk management strategy, risk management method and assessment methods are borne in mind when carrying out information security risk assessments.
Since ISO 27001 does not require a CISO, it does not prescribe what this person should do. Generally, this person should coordinate all the activities related to securing the information in a company, and here are some ideas on what this person could do.
An information security policy is the cornerstone of an information security program. It should reflect the organization's objectives for security and the agreed-upon management strategy for securing information.
What must you consider for information security to help achieve business objectives? Since the release of the 2013 revision of ISO 27001, its clause 4.1 requiring the identification of the organizational context has been [...]
One of the hot questions these days is related to clause 4.2 in ISO 27001 – Understanding the needs and expectations of interested parties. Actually, their identification is not so complicated, and it gives crucial input for developing your information security management system (ISMS).
What is ISO 27001? Information security systems are often regarded by organizations as simple checklists, or as policies and procedures that deny them a lot of things and are far removed from the way they do their normal business. By sticking to these beliefs, organizations prevent themselves from properly building an ISMS (Information Security Management System) and achieving its full potential, whether in operational and financial performance or in market reputation.