iso27diy-corp/Drafts and Ideas/ISMS/About implementation and proof.md

tags
project/iso27DIY type/explainer

The auditor will require proof of the implementation of the ISMS and all it’s individual controls. Proper implementation means a control is risk-based, there’s a policy describing the why and how of it’s implementation, it’s results are monitored or measured, it’s effectiveness is evaluated, and possible improvements to the implementation of the control are identified.