Tackling the requirements of 6.2 in ISO 27001:2013

We hear a lot about ROI – Is the investment paying off?

It’s what drives most boardroom decisions.

Indeed, to ensure we can judge correctly whether anything is effective, we need to measure performance against a set of key objectives and use that data to inform good decision making.

If you are implementing ISO 27001:2013 and are struggling on the requirements of 6.2, consider it in terms of ROI.

Without these important controls you have an ISMS that you’ve invested heavily in but have no idea whether it is being effective in reducing the risk of an information security breach (and its related cost!).

You have no defined goals, no system metrics and no data to base decisions.

The whole ISO 27001 implementation boils down to, are we meeting our information security objectives and how do we know we are? Oh, and of course, if we’re not then what are we doing about it?

In 6.2, just as with any business process, it’s necessary to:

Set your information security objectives
Establish your metrics
Define your process for evaluation.

The tools and frameworks in ISMS.Online will help you measure and evaluate your ISMS whilst our ISO 27001 Virtual Coach Programme gives expert guidance where and when you need it most.

by Julia Heron

24 November 2015

ISO 27001

ISO 27001:2013 4.1 – Understanding The Organisation & Its Context

Welcome to the first in our blog series, Implementing ISO 27001:2013. Over the coming weeks Mark Darby, our CEO, will share his insights on how Alliantist… Keep reading >

by Julia Heron

13 July 2020

ISO 27001

4 Key Benefits of ISO 27001 Implementation

Table Of Contents:1 - 4 key benefits of ISO 27001 implementation2 - What is ISO 27001:2013 and why is it so important for organisations?3 - … Keep reading >

Conducting ISO 27001 audits in ISMS.online

by Julia Heron

12 November 2020

ISO 27001

How to develop an asset inventory for ISO 27001

When we talk about information assets we find that most people think about things like laptops and servers. But there are many other items you’ll… Keep reading >

by Julia Heron

15 November 2016

ISO 27001

Tech firm improves existing ISO 27001 ISMS and achieves audit success in just weeks

FISCAL Technologies is the leading provider of forensic solutions that empower purchase-to-pay teams across the globe to protect organisational spend.FISCAL approached ISMS.online to help it… Keep reading >

ISO 27001 implementation – 4 key challenges & how to overcome them

by David Alloway

12 November 2019

ISO 27001

ISO 27001 implementation – 4 key challenges & how to overcome them

If you’ve recognised the benefits of ISO 27001 – from legal, regulatory and contractual requirements to new business opportunities – and are considering how you’ll… Keep reading >

by Julia Heron

9 July 2018

ISO 27001

ISO 27001:2013 and ISO 27001:2017 what’s the difference?

Table Of Contents:1 - The difference in ISO 27001 versions1.1 - Let’s take a look at what those Corrigenda covered:2 - Corrigendum 1: ISO/IEC 27001:2013/Cor.1:2014(en)… Keep reading >

by Al Robertson

27 May 2021

Certification

How to maintain your ISO 27001 certification

Even with the best help and support available, achieving ISO 27001 certification is a challenging process. It takes time, effort and real organisational commitment. So… Keep reading >

by Julia Heron

8 February 2017

ISO 27001

IACCM signals its commitment to cyber and information security with ISMS.online

The International Association of Contract and Commercial Management (IACCM) has adopted ISMS.online, the powerful cloud software from Alliantist, to achieve cyber and information security management… Keep reading >

by Julia Heron

27 October 2017

ISO 27001

How to conduct your ISO 27001 Management Review

Table Of Contents:1 - What is the purpose of the ISO 27001:2013 Management Review?2 - What should be included in the Management Review?2.1 - The… Keep reading >