We emphasis the Business rather than just the Security or IT part of ISO 27001. Instead of many Polices, Procedure and Work Instructions (one system we converted had over 80 Work Instructions which was completely unworkable). We concentrate on an integrated solution.
Note – ISO 27001 should not be dominated by IT requirements since it relates to all Company information. Nor should the controls and processes be dominated by only Security issues since the Standard relates to Risk Management associated to the:
Very useful information..
ReplyDeleteISO 50001 Certification