Search in ISMS Guides


Wednesday, July 25, 2007

I see ISM3 doesn't follow ISO27001. Can a ISM system be ISM3 and ISO27001 compliant ?

ISM3 is a specification for creating ISM systems, so ISM3 itself doesn't need to be ISO27001 compliant. Certification is performed on specific ISM systems, so ISM3 can be used to create ISO27001 compliant ISM systems, that will have to use risk analysis/assessment and implement all applicable ISO27001 controls.


No comments: