Wondering if anyone has implemented non-technical frameworks like the ISO 28000:2007 (Specification for security management systems for the supply chain)? We are currently implementing the Cybersecure Canada framework in Eramba, and due to a staffing change our ISO 28000 program has at least temporarily fallen into my lap and I’m seeing a whole lot of reason to move it into Eramba.
Would appreciate any words of wisdom in this area.
any “framework” (in our little eramba world , compliance package) can be used in eramba because the principle of requirements mapped to solutions (controls, policies,etc) and later on an operational stage testing and reviews still applies
i just checked and there is no compliance package for 28000 , if you make one is never bad idea to share to the community : )