ISO/IEC 27001:2013

[nelsonic]

The ISO 27001 Standard defines requirements for the confidentiality, integrity and availability of information systems.

• What is ISO 27001? (video intro): https://youtu.be/AzSJyfjIFMw
• ISO 27001 Certification: https://youtu.be/mMmpAwmXRNU
• Implementation Guide: http://www.bsigroup.com/Documents/iso-27001/resources/iso-iec-27001-implementation-guide-SG-web.pdf

To ensure that both we (the OA team) and our stakeholders (people who use the app for their business-critical information) have the confidence in our IT systems we need answer all 133 questions in the risk assessment.

Annoyingly the Standard is not free, instead we have to pay to download it! http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=54534 it costs CHF 118 (£92).

A bit of googling and found: https://trofisecurity.com/assets/img/iso27001-2013.pdf (the full PDF) (best to google if the link is broken when you read this...)

[nelsonic]

Tutorial videos: http://advisera.com/27001academy/documentation-tutorials/

[nelsonic]

See: https://github.com/dwyl/ISO-27001-2013-information-technology-security