Hi All,
ISO/IEC 27001 topics are new for me.
I would like to ask you for support in below question.
As a requirement of our customer we are implementing ISO/IEC 27001 in part of our organization. We are working in customer's systems on his network (some kind of database). The assets we would like to protect are information to which we have access via this system and data which we save in this system (on line working). For protect these assets we implemented required by customer controls.
In addition, to implement ISO/IEC 27001 we are creating procedures, polices, records which will be maintain on our network.
Key process is supported by processes such as facility management process, quality and hr.
Here my question comes:
In this case, is there a possibility to exclude our IT?
Thank you in advance for all responses.
ISO/IEC 27001 topics are new for me.
I would like to ask you for support in below question.
As a requirement of our customer we are implementing ISO/IEC 27001 in part of our organization. We are working in customer's systems on his network (some kind of database). The assets we would like to protect are information to which we have access via this system and data which we save in this system (on line working). For protect these assets we implemented required by customer controls.
In addition, to implement ISO/IEC 27001 we are creating procedures, polices, records which will be maintain on our network.
Key process is supported by processes such as facility management process, quality and hr.
Here my question comes:
In this case, is there a possibility to exclude our IT?
Thank you in advance for all responses.