The company am employed considers to obtain an ISO27001 certification. Have already implemented a Linux testbed running Open VPN without issues. However am told a company cannot be ISO27001 certified unless their VPN is materialized using commercial only solutions, implying open solutions such as Open VPN are considered unacceptable and un-certifiable under ISO27001. Was surprised to hear this, would like to know from more knowledgeable people if there is any substance on that.
2 posts • Page 1 of 1