A common question that comes up when implementing ISO 27001 is: Should I include security penetration testing in my Information Security Management System (ISMS) programme to comply with the ISO 27001 standard and meet auditor expectations? The answer is both yes and no — depending on how you look at it. The standard does not […]