Has your company undergone an ISO 27001 audit and received deviations in risk management? Then Diri can help you!
ISO 27001 (ISO/IEC 27001) is an international standard that sets requirements for establishing, implementing, maintaining and continually improving an information security management system. Businesses that wish to can be certified against ISO 27001 by an independent certification body, which carries out the ISO 27001 audit. The certificate shows that the information security management system has been measured against a recognised industry best-practice standard.
Deviations in risk management
The controls in ISO 27001 provide a good security foundation, but what is unique to the business must be addressed through risk management. Our experience is that companies that receive deviations in risk management lack an overview of, and control over, the organisation's risk picture. This is usually because they lack a proper risk management process and the documentation showing that risks have been identified, assessed and handled systematically and thoroughly.