Jump to content
Sign in to follow this  

G2 helping BSI explore interest in a 3rd-party assessment combining Cybersecurity Framework and the ISO/IEC 27001:2013 standard

Recommended Posts

As G2's engineers help to implement the Cybersecurity Framework around the world, we often find that clients are using (or plan to use) the ISO/IEC 27000 family of standards to help establish, implement, maintain, and continually improve their Information Security Management Systems. These organization currently receive recognition for their work in implementing ISO; however, their use of the Framework is not acknowledged or readily recognizable by other organizations.  If a Framework "certification" was established, would companies use and/or trust the “certification”? The very use of and model for Framework is voluntary, and Framework isn’t set up to be a conformance standard, yet it’s well-structured and interchangeable.


Many Framework users are already working toward formal assessment of their conformance to ISO/IEC 27001 procedures and controls. If an accredited assessor is already assessing the implementation of those ISO procedures and controls (which align with many of the Framework outcomes), would it be valuable to assess the reasonableness of how the organization has implemented the Framework itself? It might be – that’s what we’re looking to find out.


BSI has released an RFI to determine if such a "certification" would provide value to the community and how organizations could leverage the "certification" to help them make business decisions.  The RFI is available at BSI via this link – pro or con, we’d welcome your input at http://pages.bsigroup.com/l/73472/2016-08-11/61k6wf.

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this