CHAPTER 8: MEASURE, MONITOR AND REVIEW
An effective ISMS is one that helps an organisation achieve its information security objectives. These objectives should be linked to its business, regulatory and contractual objectives and should be delegated to appropriate levels within the organisation.
ISO 27001 requires the organisation to “continually improve the suitability, adequacy and effectiveness” of the ISMS. Organisations can meet the Standard’s corrective action requirements by implementing an ISMS audit plan, competent review of nonconformities, incident response procedures and other related documentation.
The combination of effective monitoring, measuring and corrective action processes – together with a formal review process and a strong ...
Excerpt from Nine Steps to Success - An ISO 27001:2022 Implementation Overview.