Tuesday, August 28, 2007

ISO 27001: ISMS Highlights

Clarifies and improves existing PDCA (Plan-Do-Check-Act) process requirements
ISMS scope (including details of, and justification for, any exclusions)
Approach to risk assessment (to produce comparable & reproducible results)
Selection of controls (criteria for accepting risks)
Statement of Applicability (currently implemented)
Reviewing risks
Management commitment
ISMS internal audits
Results of effectiveness and measurements (summarised statement on ‘measures of effectiveness’)
Update risk treatment plans, procedures and controls