Am bidding on a tender that requires working towards ISO 27001 and 27002 accreditation, and was wondering whether anyone had any thoughts on the best (=quickest and cheapest) approach to this.
I've considered downloading the toolkits that are out there, and putting together the basic security and other policies, as this would cost approx £400-500. And then paddle like mad if I win the tender and get accredited as soon as I can.
In any case, the proposal would use an accredited hosted server provider, the issue is mainly around my laptop, and possibly some subcontractors.
This could well be a one-off attempt at a tender, so can't really justify the £4000 that companies are asking, for something that may not come to anything. However, having the ISO badge might be worthwhile in the longer run.
Has anyone else gone through this process before, and would they be able to make any recommendations on providers/toolkits/approaches?
Sorry if this sounds dimwitted, I'm probably just looking for an indication as to whether I am on the right track...
Many thanks!
Some reference tools from Itgovernance: http:/. /affiliate.itgovernance.co.uk//idevaffiliate.php?id=143602_0_4_2 - - IT Governance - Governance, Risk Management and Compliance for Information Technology
I've considered downloading the toolkits that are out there, and putting together the basic security and other policies, as this would cost approx £400-500. And then paddle like mad if I win the tender and get accredited as soon as I can.
In any case, the proposal would use an accredited hosted server provider, the issue is mainly around my laptop, and possibly some subcontractors.
This could well be a one-off attempt at a tender, so can't really justify the £4000 that companies are asking, for something that may not come to anything. However, having the ISO badge might be worthwhile in the longer run.
Has anyone else gone through this process before, and would they be able to make any recommendations on providers/toolkits/approaches?
Sorry if this sounds dimwitted, I'm probably just looking for an indication as to whether I am on the right track...
Many thanks!
Some reference tools from Itgovernance: http:/. /affiliate.itgovernance.co.uk//idevaffiliate.php?id=143602_0_4_2 - - IT Governance - Governance, Risk Management and Compliance for Information Technology
Comment