Is ISO 27001 related to IT?

Is ISO 27001 related to Information Technology or IT?

Well there is a relationship - but you can't say IT is ISO 27001 or vice versa, ISO 27001 is IT - why?

Because ISO 27001 gives you the whole business model, the whole framework and management system for information security. This shows the way they're related and how IT supports ISMS.

IT can be used as one of the tools and solutions to help you implement ISMS, showing there is a relationship but it isn't the only factor in ISMS. ISMS is about having the resources, not just the IT materials, but the people resources, the competency level and having a commitment by the top management.

Top management is increasingly committing to integrating ISMS into the culture of the organization, into its processes, and using it to identify risk and opportunities. IT can be just one component of risking opportunities.

IT software can be used for monitoring and measuring but again, IT is a support, it has a support role, only in my view for ISMS. Yes, there is a relationship but there's also a clear distinction between the two.

Featured Posts
Recent Posts
Archive
Search By Tags
Follow Us
  • YouTube Best Practice Icon
  • LinkedIn Social Icon
  • Facebook Basic Square
  • Instagram Social Icon
  • Twitter Basic Square

© 2019 by Best Practice

  • White YouTube Icon
  • White LinkedIn Icon
  • White Instagram Icon
  • White Facebook Icon
  • White Twitter Icon