When you start with ISO 27001, the key to approaching its bewildering list of controls is to treat it not as a to-do list or an implementation plan, but as a checklist, asking yourself for each control: how are we doing this at the moment?
Because if you have a sensible approach to your information, your devices and the services you use, chances are you have actually implemented most of them, at least partially. Let's start with some low-hanging fruit:
- Examples of 'common' controls:
  - backups
  - cryptography
  - physical security
  - password protection