Information Technology - Security Techniques - Guidelines for Information Security Management Systems Auditing.
ISO/IEC 27007:2011 provides guidance on conducting Information Security Management System (ISMS) audits and managing ISMS audit programmes. It also provides guidance on the competence of ISMS auditors and supplements the guidance offered on auditing in ISO 19011:2011.
ISO/IEC 27007:2011 is applicable to those needing to understand or conduct internal or external audits of an ISMS or to manage an ISMS audit programme.
ISO27007 at a glance:
ISO27007 provides specific guidance on conducting ISMS audits, whereas ISO27008 supplies guidance on information security controls for auditors.
If more than one person needs to access this Standard, you will need a multiuser licence, which is a cost-effective way of complying with the publisher’s copyright restrictions.