Expert Advice Community

ISMS for scratch card manufacturing unit

Guest user Created:   Jan 12, 2016 Last commented:   Jan 12, 2016

What controls will not be applicable for a scratch card manufacturer? Can you point out any general resource for ISMS for such a unit?

DejanK Jan 12, 2016

ISO 27001 is not prescriptive, which means that this standard doesn't tell you which controls you must or must not apply depending on the industry you're in. What this standard does tell you is that you must assess the risks that are related to your particular situation, and then decide which controls to implement and which to exclude. See also this article: The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/

Therefore, ISO 27001 is quite different from PCI DSS, which is prescriptive. If your business is related to the payment card industry, then PCI DSS will provide much more precise guidelines for security controls.
