ISO27007 (ISO 27007) ISMS Auditing

Description

ISO/IEC 27007:2011 provides guidance on conducting Information Security Management System (ISMS) audits and managing ISMS audit programmes. It also provides guidance on the competence of ISMS auditors and supplements the guidance offered on auditing in ISO19011:2011.

ISO/IEC 27007:2011 is applicable to those needing to understand or conduct internal or external audits of an ISMS or to manage an ISMS audit programme.

ISO27007 at a glance:

• ISO27007 provides guidance on conducting ISMS audits, which will help auditors to ensure they are conducting an ISMS audit in the correct manner.
• Auditors can use the guidance provided by this Standard in any type or size of organisation. It is widely applicable, and its use ensures a best-practice approach is followed when conducting ISMS audits.
• ISO27007 offers guidance for both internal and external auditors on how to conduct ISMS audits. Auditing an ISMS following the guidance in this Standard will allow an organisation to identify any gaps that need addressing prior to undergoing a formal certification audit.

What is the difference between ISO27007 and ISO27008?

ISO27007 provides specific guidance on conducting ISMS audits, whereas ISO27008 supplies guidance on information security controls for auditors.

If more than one person needs to access this Standard, you will need a multiuser licence, which is a cost-effective way of complying with the publisher’s copyright restrictions.

Customer Reviews

(0# of Ratings:)