A requirement of ISO 27001 is to provide an adequate level of resources so that you can maintain and continually improve your information security management system (ISMS).
The aim here is to demonstrate an adequate and proportionate level of information security knowledge and competence. The resources can be internal or external; an external resource could be, for example, an information security advisor coming into the company for a short period of time.
The competence of the individuals involved with the ISMS should be assessed, the organisation’s requirements identified, and an adequate level of competence agreed. Then you should identify how to fill any gaps.
The organisation should commit to providing training, education or mentoring to any individual tasked with maintaining information security.
The person responsible for managing the information security management system should be aware of everything concerned with the policies and controls held within it.
The organisation should have a plan in place for communicating, internally and externally, information about the information security management system – this could include the benefits of using an ISMS. A formal process of communication should be agreed and documented.
The process could include the following:
The ISMS.online platform makes it easy for you to determine and provide the necessary resources, competencies, awareness and communication capabilities for establishing and implementing an ISMS.
Easily collaborate, create and show you are on top of your documentation at all times
Effortlessly address threats & opportunities and dynamically report on performance
Make better decisions and show you are in control with dashboards, KPIs and related reporting
Make light work of corrective actions, improvements, audits and management reviews
Shine a light on critical relationships and elegantly link areas such as assets, risks, controls and suppliers
Select assets from the Asset Bank and create your Asset Inventory with ease
Out of the box integrations with your other key business systems to simplify your compliance
Neatly add in other areas of compliance affecting your organisation to achieve even more
Engage staff, suppliers and others with dynamic end-to-end compliance at all times
Manage due diligence, contracts, contacts and relationships over their lifecycle
Visually map and manage interested parties to ensure their needs are clearly addressed
Strong privacy by design and security controls to match your needs & expectations