by reqres
1470 days ago
The standards are not incoherent. However, by design they need to be abstract to apply across very diverse businesses. I've implemented ISO 27001 myself (solo dev founder, 6-person company, USD 2mn SaaS). The divergence in quality of the implementation depends on whether the company is actually using ISO 27001/SOC 2 as a tool to formally define, implement and monitor information security, or finding the path of least resistance to accreditation.