ISO 27001 - Management Clause 9

This is an explanatory presentation for management clause 9 of ISO 27001. It focuses mainly on monitoring, measurement, analysis and evaluation, and on management review, for implementation of an ISMS.


  1. iFour Consultancy: ISO 27001 - Management Clause 9
  2. Performance evaluation
     • In order to make systematic improvements in information security controls, processes and management system
     • Diagram (ISO 27001 - Management Clause 9): Monitor, Measure, Analyse, Evaluate / Audit / Review
     • ISO for Software application development India
  3. Performance evaluation
     • 9.1 Monitoring, measurement, analysis and evaluation
     • 9.2 Internal audit
     • 9.3 Management review
  4. 9.1 Monitoring, measurement, analysis and evaluation
     • Actions involved:
       o Decide what needs to be monitored and measured
       o Monitor customer’s satisfaction
       o Analyse and evaluate data and information
  5. 9.1 Monitoring, measurement, analysis and evaluation (Contd)
     • Flowchart labels: Determine most appropriate measurement(s); Performance Requirement; Determine what can be measured; Create measuring procedure; Measure; Raise improvement; Escalate to top management; Report measurements; Analyse figures; Evaluate; Action Required (Y/N); Escalation Required (Y/N)
     • Source: https://issuu.com/public-it/docs/isms09005_process_for_monitoring__m?e=7139440/30590160
  6. 9.1 Monitoring, measurement, analysis and evaluation (Contd)
     • Documentation Requirements
       o Documents, logs, periodic reports on IS risks, incidents and changes
     • Implementation Requirements
       o Identifying various IS metrics to be monitored and measured
       o Assigning monitoring responsibilities to the competent staff
     • Audit Requirements
       o Review reports on various ISMS metrics and measurements
  7. 9.3 Management review
     • Top management reviews the organisation’s management system at regular intervals
     • Documentation Requirements
       o MR meeting minutes / decisions related to ISMS
     • Implementation Requirements
       o Ensuring management reviews ISMS performance periodically
       o Management conducting periodic reviews on ISMS performance, status of previous issues, risk assessment reports, audits, NCs, corrective actions, and feedback
     • Audit Requirements
       o Review ISMS performance reviews
       o Review results of MRs (corrective actions)
  8. Requirements for documented information
     • Evidence of the monitoring and measurement results (9.1)
     • Evidence of the audit programme(s) and the audit results (9.2)
     • Evidence of the results of management reviews of the ISMS (9.3)
  9. References
     • http://www.iso27001security.com/html/27001.html
     • https://en.wikipedia.org/wiki/ISO/IEC_27001:2013
     • http://www.imsm.com/gb/iso-9001-revision/iso-90012015-clause-9/
     • https://issuu.com/public-it/docs/isms09005_process_for_monitoring__m?e=7139440/30590160
  10. For more details, visit http://www.ifour-consultancy.com or http://www.ifourtechnolab.com