![tribes 2 iso tribes 2 iso](https://oldpcgaming.net/wp-content/uploads/2017/11/14-300x225.jpg)
![tribes 2 iso tribes 2 iso](https://alchetron.com/cdn/worms-world-party-ffb0e634-ff0e-4bea-90c3-7575b698be0-resize-750.jpeg)
Try this quiz based on that scenario (Quiz 1) Imagine that you are an ISO27001 lead auditor undertaking a 4 day Stage 2 certification audit. The people in the second tribe (the “ controls” tribe) think ISO27001 is all about the controls and are not so concerned about the clauses. the clauses and are not so concerned about the actual controls. The people in the first tribe (the “management” tribe) think that ISO27001 is all about the management – i.e. Did you spot the difference? The key word here is “Management”.
![tribes 2 iso tribes 2 iso](https://www.cairn.info/vign_rev/RFEA/RFEA_144.jpg)
The second of these tribes is the “ISO27001 is an Information Security Standard”. The first of these tribes is the “ISO27001 is an Information Security Management Standard” tribe. It turns out that most ISO27001 people (consultants, trainers and especially certification auditors) are in one of two tribes when it comes to their view of ISO27001.