This FAQ addresses Frequently Asked Questions concerning the ISO/IEC 27000-series (“ISO27k”) standards. It provides generic explanations and advice and comes with a liberal sprinkling of pragmatic implementation tips.
FAQ: About the ISO27k standards (START HERE!)
General, relatively basic questions typically posed by complete newcomers to ISO27k.
FAQ: Getting started on your ISO27k implementation
Practical advice about scoping, structuring and gaining management support for an ISMS implementation project.
FAQ: Information security risk management
The entire ISO27k approach is risk-aligned, so a thorough understanding of the concepts and practices involved in managing information security risks is essential.
FAQ: ISMS documentation
This part of the FAQ describes various formal documents required by ISO/IEC 27001, such as information security policies and procedures.
FAQ: ISMS maturity
Questions that tend to crop up once an ISMS is operating.
FAQ: ISMS auditing and certification
Questions concerning ISMS internal audits and certified compliance of an ISMS against ISO/IEC 27001.
If you have ISO27k-related questions that you would like answered, please join and post your queries on the ISO27k Forum. We reserve the right to reproduce or plagiarise common or generally useful questions and answers here for the benefit of all our visitors, although we will do so anonymously and in a generic manner.
We are neither infallible nor all-knowing, so please bear with us if we or other ISO27k Forum members take a while to respond, are sometimes a bit vague, or make mistakes. Occasional responses are contradictory ... and those are sometimes the most interesting. If you are experienced in this field and have better, more precise or more accurate answers to the questions noted above, by all means join and respond to queries on the Forum or get in touch. Pragmatic hints and tips from those of you who have actually been through the process are particularly welcome. As Forum owners & admins, we appreciate the help as there are inevitably practical limits to the amount of free consultancy advice we can offer!