this post was submitted on 12 Oct 2024
The original post: /r/cybersecurity by /u/Exact-Salt7504 on 2024-10-11 19:37:26.

Hi there,

I have been tasked with aligning our company's policies with ISO 27001:2022.

There are certain control areas where we are not compliant, but we would like to put them into policy, to then drive the compliance. We would likely accept this as an enterprise risk.

Could anyone provide suggestions of the language we could use in our policy to reflect that we are moving towards the implementation of the control and also address the ISO requirement?

My initial thoughts include:

  • The organisation will strive to implement control XYZ...
  • Where feasible, the organisation will implement XYZ...

I would appreciate any feedback (e.g. your experience with how this goes in an audit, and any suggestions around suitable language).
