ISO 27000 vs ISO 27001




















On the other hand, ISO are best practices that are not mandatory. That means that an organization does not need to comply with ISO but can use it as inspiration to implement requirements in ISO. For example, in ISO you have a control that requires the organization to do backups, and in ISO you have the same control but more developed, saying that the backups should be done at planned intervals, that they should be tested, that you should back up data and software, etc.

ISO is more complex and difficult to comply with, but it is not mandatory because, depending on the context and the business of the organization, it could implement the control in another way. ISO establishes what you have to do but not how. ISO describes how. Control objectives and controls from these tables shall be selected as part of the ISMS process specified in 4. So you do have to take Annex A controls in scope, although you can place them out of scope if you can argue why (for example, no software development takes place, or the risk is too low).

The series has informal relationships with a number of other standards.

Our Other Standards Section identifies some of these and provides a brief definition of each. ISO This standard covers information security system management measurement and metrics, including suggested ISO aligned controls. Dejan leads our team in managing several websites that specialize in supporting ISO and IT professionals in their understanding and successful implementation of top international standards.

Dejan earned his MBA from Henley Management College, and has extensive experience in investment, insurance, and banking.


