Milica, did you actually read the paper? I am trying to get it but all I get are useless previews. Or some 5 day courses. Which to me seem quite useless to some degree.
Did you participate in one? Or was this more of a generic answer? I actually want my company to have it or something similar, we are very keen about keeping our customer data safe, but I don't wanna waste money and time on something I already know / implemented.
Esp. the problem with ISO27001 is that it seems like the base certificate and after that you would need ISO27002 for code security, if I read it correctly ...
Anyhow, it would be cool if you could share some information so I know if it's really worth paying for.
If I read the 27000 page 29 §4.1, it seems like an extreme segregation with at least 3 baselines, but you actually want to have at least the requirements and the guidelines.
standards.iso.org/ittf/PubliclyAvailableStandards…).zip