I am starting out contracting under a Ltd company and I am the only employee. I am filling in a Due Diligence form and they ask if I do not hold ISO27001 Information Security Certification then do I have a documented Information Security Policy, has anyone else had this question and how have they dealt with it? I am providing project management services and I guess as a contractor I will have to use my own laptop.
-
-
You can review the Cyber Essentials questionnaire and see how much you are aware of/conform to its requirements https://www.cyberaware.gov.uk/cyberessentials
This might serve as a baseline Information security policy for your business and if needed, you can get your business certified too.
(sufficient for a small business I think, but not quite ISO27001) -
Thanks very muchComment
-
I guess the jobsworth have put you on their portfolio to undergo the 3rd party due diligence assurance which is aligned to ISO27001. Call them up and let them know you are a one man company and not in scope for the process.Comment
Comment