
G2 helping BSI explore interest in a 3rd-party assessment combining Cybersecurity Framework and the ISO/IEC 27001:2013 standard

ISO Certification Implementation BSI


#1 Tom.Conkle


Posted 23 August 2016 - 02:17 PM

As G2's engineers help to implement the Cybersecurity Framework around the world, we often find that clients are using (or plan to use) the ISO/IEC 27000 family of standards to help establish, implement, maintain, and continually improve their Information Security Management Systems. These organizations currently receive recognition for their work in implementing ISO; however, their use of the Framework is not acknowledged or readily recognizable by other organizations. If a Framework "certification" was established, would companies use and/or trust the "certification"? The very use of and model for Framework is voluntary, and Framework isn't set up to be a conformance standard, yet it's well-structured and interchangeable.

 

Many Framework users are already working toward formal assessment of their conformance to ISO/IEC 27001 procedures and controls. If an accredited assessor is already assessing the implementation of those ISO procedures and controls (which align with many of the Framework outcomes), would it be valuable to assess the reasonableness of how the organization has implemented the Framework itself? It might be – that’s what we’re looking to find out.

 

BSI has released an RFI to determine if such a "certification" would provide value to the community and how organizations could leverage the "certification" to help them make business decisions.  The RFI is available at BSI via this link – pro or con, we’d welcome your input at http://pages.bsigrou...16-08-11/61k6wf.






