ISO 27001 Frequently Asked Questions
What is the relation between ISO 27001 and ISMS?
ISMS stands for “Information Security Management System”, which is the title of the ISO 27001 standard. ISO 27001 is made up of a set of clauses that provide guidance on creating a best-practice ISMS to manage security risks and drive improvements in a company’s security posture.
Annexure A of ISO 27001 lists a set of common security controls (security policy framework, HR security, physical security, network security, etc.) that is used to assess all aspects of an organisation’s security.
- ISO 27001 Annexure A controls vs. ISO 27001 clauses
- “We struggle to get funding for basic security tools/Our security posture is shocking. ISO 27001:2013 is a distant dream.”
- Will the project impact my current operations?
- Can Privasec certify me? What is the difference between Privasec and SAI Global?
- Will you mitigate my risks for me? Isn’t that a conflict of interest?