What are ISO 27001 key performance indicators (KPIs)?
ISO 27001 key performance indicators (KPIs) are metrics an organization establishes for its Information Security Management System (ISMS), allowing the organization to measure the operating effectiveness of the ISMS and the controls implemented to mitigate risk. ISO 27001 requires recording KPIs to demonstrate the effectiveness and ongoing improvement of the ISMS.
A wide range of ISMS elements can measure the operating effectiveness and controls of the ISMS; some examples include::
- Number of critical vulnerabilities addressed within 30 days of identification
- Number of users who have passed the awareness training exam
- Number of risks which have been managed to reduce the exposure of the organization
The goal of establishing ISO 27001 KPIs is for an organization to have metrics and measurements in place to monitor the ISMS and its implemented controls, ensuring they are operating effectively and meeting their intended objectives.
{{cta_withimage2="/cta-modules"}}
.png)
.png)
.svg)
.svg)
