
ISO 27001 : Steps to Certification

I am often asked, "Hey, we need to get ISO 27001 certified," and then asked to make the organization compliant within a few weeks. I then go through the long process of explaining the steps required and the terminology that is commonly used in a compliance exercise. In this ramble, I will try to capture the salient requirements: what constitutes the process, and the timelines generally applicable (I am generalizing here) to become compliant or to go for certification. Before going further, I will say this: "YOU CANNOT GET ISO 27002 certified." ISO 27001 is the management-system standard; it specifies the processes, that is, the ISMS, and it is the standard you certify against. The Annex to the standard lists the controls recommended to achieve the objectives, with only brief detail on the nature of each control. The detailed guidance on those controls is found in ISO 27002. ISO 27002 can help the organization to achieve ISO 27001 certif...