Is ISO 27001 related to IT?

Is ISO 27001 related to Information Technology or IT?

Well there is a relationship - but you can't say IT is ISO 27001 or vice versa, ISO 27001 is IT - why?

Because ISO 27001 gives you the whole business model, the whole framework and management system for information security. This shows the way they're related and how IT supports ISMS.

IT can be used as one of the tools and solutions to help you implement ISMS, showing there is a relationship but it isn't the only factor in ISMS. ISMS is about having the resources, not just the IT materials, but the people resources, the competency level and having a commitment by the top management.

Top management is increasingly committing to integrating ISMS into the culture of the organization, into its processes, and using it to identify risk and opportunities. IT can be just one component of risking opportunities.

IT software can be used for monitoring and measuring but again, IT is a support, it has a support role, only in my view for ISMS. Yes, there is a relationship but there's also a clear distinction between the two.

ISO 27001

Featured Posts
Recent Posts
Search By Tags
Follow Us