ISMS for scratch card manufacturing unit
Assign topic to the user
ISO 27001 is not prescriptive, which means that this standard doesn't tell you which controls you must or must not apply depending on the industry you're in. What this standard does tell you is that you must assess the risks that are related to your particular situation, and then decide which controls to implement and which to exclude. See also this article: The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
Therefore, ISO 27001 is quite different from PCI DSS which is prescriptive. If your business is related to payment card industry, then PCI DSS will provide much more precise guidelines for security controls.
Comment as guest or Sign in
Jan 12, 2016