On Saturday, 16 November 2024 19:34:15 GMT Brad Rogers wrote:
> On Sat, 16 Nov 2024 18:55:57 +0000
> Sebastian via list <list@xxxxxxxxxxxxx> wrote:
>
> Hello Sebastian,
>
> >Hoping to ask a favour of the group here. I have found myself in need
> >of copies of the standards in the ISO 27000 and ISO 9000 series, and,
>
> Are downloads not acceptable?
> Both can be had for free that way.

As the ISO 27000 series is largely funded by selling the standards, I doubt they are legally available free for download.

I'm sure it is available for download, as they are just PDFs, but you also want to be sure it is the current version etc.

I have access to some of the ISO 27000 series through a client, but in most cases probably worth checking if your auditor/consultant can supply current versions of these documents.

If you aren't at the point of having an auditor selected, the standards are widely integrated into other standards documentation, so you could work from say the CSA CSTAR matrix and cover all the control areas (and a few extra). Not seen if they have caught up with 27001:2018 but I'm sure they have.

Really in the cost of things buying the standards is the cheapest thing the organisation is likely to do, versus taking employees out for security training, or taking a few days out for external audit. But I know as a consultant in the space it can add up, although the standards are often bundled on relevant training courses.

I noticed also ChatGPT has absorbed a thousand copies, and audits, and the like, so you can ask it to magic up documents for internal audits; of course you then need to check what it has done is reasonable and complete, but that is pretty easy if you have a copy of the standards.

--
The Mailing List for the Devon & Cornwall LUG
FAQ: https://www.dcglug.org.uk/faq/