Tackling the requirements of 6.2 in ISO 27001:2013

We hear a lot about ROI – Is the investment paying off?

It’s what drives most boardroom decisions.

Indeed, to ensure we can judge correctly whether anything is effective, we need to measure performance against a set of key objectives and use that data to inform good decision making.

If you are implementing ISO 27001:2013 and are struggling on the requirements of 6.2, consider it in terms of ROI.

Without these important controls you have an ISMS that you’ve invested heavily in but have no idea whether it is being effective in reducing the risk of an information security breach (and its related cost!).

You have no defined goals, no system metrics and no data to base decisions. 

The whole ISO 27001 implementation boils down to, are we meeting our information security objectives and how do we know we are? Oh, and of course, if we’re not then what are we doing about it?

In 6.2, just as with any business process, it’s necessary to:

1. Set your information security objectives
2. Establish your metrics
3. Define your process for evaluation.

The tools and frameworks in ISMS.Online will help you measure and evaluate your ISMS whilst our ISO 27001 Virtual Coach Programme gives expert guidance where and when you need it most.

Related Posts

by Julia Heron

11 November 2016

ISO 27001

Market Research Agency achieves UKAS accredited ISO 27001 by using ISMS.online after other approaches failed

We're delighted to announce that ISMS.online customer, BrainJuicer, have achieved ISO 27001:2013 accreditation.  Keep reading >

by Julia Heron

14 March 2016

ISO 27001

Managing risk for information security – the ISO 27001:2013 way

It was following a demo of our online software for managing your ISMS, that I was subjected to an uncharacteristic rant by Mark Darby, our… Keep reading >

by Julia Heron

13 July 2020

ISO 27001

4 Key Benefits of ISO 27001 Implementation

Table Of Contents:1  -  4 key benefits of ISO 27001 implementation2  -  What is ISO 27001:2013 and why is it so important for organisations?3  - … Keep reading >

by Julia Heron

24 March 2016

ISO 27001

The Alliantist team are busy on another ISMS.online client roll-out

This time we are particularly pleased as are own work with public sector departments gave us insight to the need for our customer to verify… Keep reading >

by Julia Heron

27 October 2017

ISO 27001

How to conduct your ISO 27001 Management Review

Table Of Contents:1  -  What is the purpose of the ISO 27001:2013 Management Review?2  -  What should be included in the Management Review?2.1  -  The… Keep reading >

by Julia Heron

10 January 2017

ISO 27001

ISO 27001 Cheat Sheet for 2017

We should qualify that there are, of course, no real ‘cheats’ available when seeking ISO 27001 accreditation.At least not the sort that will give you… Keep reading >

by Julia Heron

26 October 2015

ISO 27001

BrainJuicer innovates towards achieving ISO 27001

BrainJuicer knows a thing or two about how to achieve business advantage. The organisation also recognises the importance of information security internally, and in building… Keep reading >

by Julia Heron

16 October 2017

ISO 27001

ISO 27001 Help from ISMS.online

Table Of Contents:1  -  The team at ISMS.online and Alliantist understand what’s involved in achieving ISO 27001, after going through the process in 2012.2  - … Keep reading >

by Julia Heron

15 November 2016

ISO 27001

Tech firm improves existing ISO 27001 ISMS and achieves audit success in just weeks

FISCAL Technologies is the  leading provider of forensic solutions that empower purchase-to-pay teams across the globe to protect organisational spend.FISCAL approached ISMS.online to help it… Keep reading >

by Al Robertson

24 November 2020

ISO 27001

Building stable, secure supplier relationships with ISO 27001

Table Of Contents:1  -  So a supplier messes up. What’s the worst that could happen?2  -  Strengthening your supplier relationships3  -  Protecting your information assets4 … Keep reading >