What alternative standard for ISO 27001 can be used in Australia?



  • I am looking for alternatives that are less strict and less time-consuming than ISO 27001. Australia is in the Commonwealth, so maybe Cyber Essentials Plus could work, but I do not know if that plays a part in it being recognized by the Australian Government. Any suggestions? Thanks!



  • Agree, it's kind of a broad question. If you're looking for general principles, I wouldn't be looking past the ISM - https://www.cyber.gov.au/acsc/view-all-content/ism

    If you're looking for specific hardened templates for servers as part of your framework / standards, then maybe CIS is worth a look. CIS can be quite light touch depending on which level you choose to aspire towards - in theory. I've found that there's no one-size solution - there are parts of CIS, for example, that they'd mark as level 3 - the highest level of maturity - but which for our business are no-brainers. In other areas, we struggle to achieve level 1.

    Documenting which standards you want to achieve, those standards you're excepting yourself from - that can be a pain. I've used SAM for compliance, which seems to make it as easy as anything else I've come across. https://www.samcompliance.co/

    Not affiliated in any way, etc...

    Good luck!
