Popular posts

Milica did you actually read the paper? I am trying to get it but all I get useless are previews. Or some 5 day courses. Which to me seam quite useless to some degree.

Did you participate in one? or was this more of a generic answer? I actually want my company to have it or something similar, we are very keen about keeping our customer data safe, but I don't wanna waste money and time on something I already know / implemented.

Esp the problem with ISO27001 is that it seams like the base certificate and after that you would need ISO27002 for code security if read correct ...

Anyhow it would be cool if you could share some information so I know if it's really worth it paying

if I read the 27000 page 29 §4.1 it seams like a extreme segregation with at least 3 baselines but you actually want to have at least the requirements and the guidelines.

standards.iso.org/ittf/PubliclyAvailableStandards…).zip

Hey j, unfortunately, I'm not directly involved in the certification process. My main task is to provide average-Joe-readable security documents for our clients in this case.

The thing with the certification is that you need it to prove that you're a safe bet for your clients and that you guarantee that you're storing/handling their data securely. If you're doing it all, that's great, but without the certificate, they might not trust you as much. This is usually a requirement if you're working with large companies/enterprises.

In our case, an ISO consultant came to our office and worked with our head of security to define all the things we need to do in order to be compliant. You can probably get in touch with one and see what are all the things you need to do in order to obtain the certificate yourself.

Hope I helped!

Milica well, helped in this case is a relative term, you confirmed what I already know, which is helpful in general. Not what I hoped for though.

I think I will pay for the papers and read them :) thx.