Tackling the requirements of 6.2 in ISO 27001:2013

We hear a lot about ROI – Is the investment paying off?

It’s what drives most boardroom decisions.

Indeed, to ensure we can judge correctly whether anything is effective, we need to measure performance against a set of key objectives and use that data to inform good decision making.

If you are implementing ISO 27001:2013 and are struggling on the requirements of 6.2, consider it in terms of ROI.

Without these important controls you have an ISMS that you’ve invested heavily in but have no idea whether it is being effective in reducing the risk of an information security breach (and its related cost!).

You have no defined goals, no system metrics and no data to base decisions.

The whole ISO 27001 implementation boils down to, are we meeting our information security objectives and how do we know we are? Oh, and of course, if we’re not then what are we doing about it?

In 6.2, just as with any business process, it’s necessary to:

Set your information security objectives
Establish your metrics
Define your process for evaluation.

The tools and frameworks in ISMS.Online will help you measure and evaluate your ISMS whilst our ISO 27001 Virtual Coach Programme gives expert guidance where and when you need it most.

by Adam Bourne

17 February 2021

ISO 27001

Top 5 tips for achieving ISO 27001 Certification – Infographic

Check out our infographic for the top five tips on achieving ISO 27001 certification. Keep reading >

by Julia Heron

28 January 2016

ISO 27001

Targeting public sector sales in 2016? Aim high with G-Cloud

January is the month for new year resolutions and businesses are no different.Instead of losing weight and getting fit, organisations are more likely to be… Keep reading >

man on keyboard considering ISO 27001 misconceptions

by Julia Heron

9 December 2015

ISO 27001

10 Common Misconceptions About ISO 27001

With so much publicity surrounding information security and costly breaches, many businesses will be looking at how to protect themselves. It's little wonder. The recent… Keep reading >

by Julia Heron

14 March 2016

ISO 27001

Managing risk for information security – the ISO 27001:2013 way

It was following a demo of our online software for managing your ISMS, that I was subjected to an uncharacteristic rant by Mark Darby, our… Keep reading >

by Julia Heron

30 March 2016

ISO 27001

Facewatch fighting crime and proving their commitment to information security using ISMS.Online

The Alliantist team are busy on another ISMS.online client roll-out. Of course, we’re always pleased to be supporting clients on their journey towards ISO 27001 certification… Keep reading >

by Julia Heron

1 March 2017

ISO 27001

Medical software company selects ISMS software for infosec excellence

Itémedical is a leading supplier of medical hardware and software in the Benelux. It is dedicated to improving patient care by providing user-friendly decision support… Keep reading >

ISO 27001 - managing risk & updating the SoA in ISMS.online

by Julia Heron

3 December 2019

ISO 27001

The ISO 27001:2013 Statement of Applicability (SoA): The Complete Guide

The Statement of Applicability (SoA) forms a fundamental part of your information security management system (ISMS) and, together with the Scope, as described in 4.3… Keep reading >

by Al Robertson

4 January 2021

ISO 27001

Unboxing your new game of ISO 27001

First of all, Happy New Year! We hope your year’s begun well and wish you the very best for the rest of it. We’ve certainly… Keep reading >

by Julia Heron

9 July 2018

ISO 27001

ISO 27001:2013 and ISO 27001:2017 what’s the difference?

Table Of Contents:1 - The difference in ISO 27001 versions1.1 - Let’s take a look at what those Corrigenda covered:2 - Corrigendum 1: ISO/IEC 27001:2013/Cor.1:2014(en)… Keep reading >