26
Feb
2026
On this topic, ISO 27001 provides no guidance and is of little help. In deciding what to monitor and measure regarding your Information Security Management System (ISMS), ISO 27001 specifies no mandatory requirements (as emphasized in our ISO 27001 training courses). Thankfully, ISO 27004 provides guidelines and principles for measuring and reporting the effectiveness of an organization's ISMS. ...
Read More




