You’ve read the cyber security headlines spreading fear, uncertainty and doubt, but have you considered how easy it might be to address cyber risk, while making the most of your organization’s existing investment in security, by building on an ISO 9001 (quality) or ISO 14001 (environmental) conforming management system?
The much-referenced ‘Annex SL’ – more plainly described as “high-level structure, identical core text and common terms and definitions” – means that adding a new discipline such as cyber or information security to an existing ISO management system is easier than ever. Even addressing two (or more?) standards from a cold start can be far less painful than you might expect.
The single management system approach that ISO standards now support means that more organizations are recognising the benefits of implementing more than one management system within a single solution. These benefits include exposing conflicting business objectives, avoiding duplicated documentation, reducing overall risk, creating a formalised system (not necessarily with lots of documents!) out of informal processes, and enabling the organization to focus on achieving its objectives.
Organizations already certified to ISO 9001 or ISO 14001, and concerned about the ongoing and evolving threats of cyber-crime, may see ISO 27001 certification as a logical and straightforward step to bolster their defenses.
Read more here: https://www.nqa.com/en-gb/resources/blog/october-2016/managing-cyber-risk