ISO 27001 Frequently Asked Questions
What is the relation between ISO 27001 and ISMS?
ISMS stands for “Information Security Management System”, which is the title of the ISO 27001 standard. ISO 27001 is made up of a set of clauses that provide guidance on creating a best-practice ISMS to manage security risks and drive improvements in a company’s security posture.
Annexure A of ISO 27001 lists a set of common security controls (security policy framework, HR security, physical security, network security, etc.) that is used to effectively assess all aspects of an organisation.
- ISO 27001 Annexure controls vs. ISO 27001 clauses
- “We struggle to get funding for basic security tools/Our security posture is shocking. ISO 27001:2013 is a distant dream.”
- Will the project impact my current operations?
- Can Privasec certify me? What is the difference between Privasec and SAI Global?
- Will you mitigate my risks for me? Isn’t that a conflict of interest?