• Visitors can check out the Forum FAQ by clicking this link. You have to register before you can post: click the REGISTER link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. View our Forum Privacy Policy.
  • Want to receive the latest contracting news and advice straight to your inbox? Sign up to the ContractorUK newsletter here. Every sign up will also be entered into a draw to WIN £100 Amazon vouchers!

You are not logged in or you do not have permission to access this page. This could be due to one of several reasons:

  • You are not logged in. If you are already registered, fill in the form below to log in, or follow the "Sign Up" link to register a new account.
  • You may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system?
  • If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation.

Previously on "ISO 27001 or 27002 accreditation"

Collapse

  • Netraider
    replied
    The certification is ISO27001:2005. ISO27002 is the Code of Practice for Information Security Management.

    I implement ISO27001 for medium to large size organisations, and would not recommend the online toolkits. If the tender says working towards, don't panic about getting the certification just yet. Get copies of ISO27001 and 27002,and a decent book Linky is ok, so long as you ignore any mention of buying their toolkits. Follow the guidance, and that should meet the requirements of the tender.

    HTH

    Leave a comment:


  • vinhbt
    started a topic ISO 27001 or 27002 accreditation

    ISO 27001 or 27002 accreditation

    Am bidding on a tender that requires working towards ISO 27001 and 27002 accreditation, and was wondering whether anyone had any thoughts on the best (=quickest and cheapest) approach to this.

    I've considered downloading the toolkits that are out there, and putting together the basic security and other policies, as this would cost approx £400-500. And then paddle like mad if I win the tender and get accredited as soon as I can.

    In any case, the proposal would use an accredited hosted server provider, the issue is mainly around my laptop, and possibly some subcontractors.

    This could well be a one-off attempt at a tender, so can't really justify the £4000 that companies are asking, for something that may not come to anything. However, having the ISO badge might be worthwhile in the longer run.

    Has anyone else gone through this process before, and would they be able to make any recommendations on providers/toolkits/approaches?

    Sorry if this sounds dimwitted, I'm probably just looking for an indication as to whether I am on the right track...

    Many thanks!

    Some reference tools from Itgovernance: http:/. /affiliate.itgovernance.co.uk//idevaffiliate.php?id=143602_0_4_2 - - IT Governance - Governance, Risk Management and Compliance for Information Technology

Working...
X