Monday, December 22, 2008

How do you comply or certify with ISO 27001?

In preparing to implement ISO 27001, an organisation follows the Plan, Do, Check, Act (PDCA) cycle of continual improvement. Each phase requires a set of activities and a number of specified deliverables that together establish an information security management system (ISMS). Broadly speaking, the Plan phase defines the scope and policy of the ISMS and assesses risks; the Do phase treats those risks by implementing the selected controls; the Check phase monitors, audits and reviews the management system; and the Act phase implements improvements and the corrective and preventive actions arising from those reviews. The ISMS is the mechanism by which an organisation shows that it has identified its information security requirements and is operating, monitoring and maintaining or improving controls to satisfy them. Compliance means operating such an ISMS; certification means having it audited by an accredited certification body, which examines both the documented system and the evidence that it is actually being run.
