why do I have to identify them? What parts of ISO27002 must we
comply with to be compliant with
ISO27001? Do I need an Information Asset
Register to comply with ISO27001? How long does it take to implement
ISO27001? What is it that is mandatory to
implement in ISO27001? How are ISO27001 and GDRP related? Is implementation of all the
security controls identified in the
SOA mandatory to achieve
ISO27001 Certification? Do I have to implement the
controls in Annex A? What are the mandatory documents
in ISO27001?
See answers to these questions and many more in Chris Hall's ISO27001 Blog and Frequently Asked Questions.