Steps to implement ISO 27001 Context Setting What activities you should follow: These activities should deliver the following: The below templates can be used for documentation purposes: Risk Assessment Threats, Vulnerabilities & Risks Threat: A potential cause of an unwanted Incident, which may result in harm to a System or Organization Vulnerability: A vulnerability isContinue reading “Implementing ISO 27001: A Step-by-Step Guide”
Tag Archives: iso27001
Audit Conclusions
Objectives of Audit Conclusions Preparing Audit Conclusions ISO 19011, clause 6.4.9 Before the closing meeting, the auditors meeting consult each other to: Discussing Audit Conclusions with the Auditee It is important to discuss audit findings and conclusions with the management before the closing meeting and submitting the final report to: Closing Meeting Agenda Model PreparingContinue reading “Audit Conclusions”
Beyond the Initial Audit
Objective of beyond the Initial Audit Surveillance Activities Surveillance activities can also include: Surveillance Audits Re-certification Audit Certification Special cases Use of ISO Trade marks
Stage 1 Audit
Objectives of the Stage 1 Audit Stage 1 Audit steps Site Visit Activities To be Carried Out Document review The main objectives of the document audit are: • General understanding of the operation of the management system • Evaluation of the design of the management system as well as the related processes and controls •Continue reading “Stage 1 Audit”
Phase 1 – Initiating the audit
Appointing the Audit Team Leader Validation of the Audit Objectives In an ISO 27001 certification audit, the main audit objectives are to confirm that: Validation of the Audit scope The audit scope describes the range and limits of he audit; for example, the locations, the organizational units, the activities and the process to be auditedContinue reading “Phase 1 – Initiating the audit”
Phases of Audit
Below is the diagram to demonstrate steps involved in an audit: The following documents can be used as reference: Audit Checklist Audit Plan Sample Policy Format Audit Report Template Risk Register Statement of Applicability (SOA)
Control Groups / Annexure
ISO 27001 Controls A.5 Organizational Controls A.6 People Controls A.7 Physical Controls A.8 Technological Controls
PDCA and Clauses
Plan(P) Do(D) Check(C) Act(A) ISO/IEC 27001:2022: Clause 4 of 10 Clause 4: Context of Organization ISO/IEC 27001:2022: Clause 5 of 10 Clause 5: Leadership ISO/IEC 27001:2022: Clause 6 of 10 Clause 6: Planning ISO/IEC 27001:2022: Clause 7 of 10 Clause 7: Support ISO/IEC 27001:2022: Clause 8 of 10 Clause 8: Operation ISO/IEC 27001:2022: Clause 9Continue reading “PDCA and Clauses”
Threat, Risk and Vulnerability
Threat: A potential cause of an unwanted Incident, which may result in harm to a System or OrganizationVulnerability: A vulnerability is a weakness of an asset or control that could potentially be exploited by one or more threats.Risk: A combination of the probability of an Event and its Consequence Risk Assessment is the total sumContinue reading “Threat, Risk and Vulnerability”
What is ISMS,CIA Triad
Information Security Management System (ISMS) Information Security Management System (ISMS) is a management system made of multiple interacting components. What is information? As per ISO/IEC 27000:“Information (knowledge or data) is an asset which, like other important business assets is of value to an organization and consequently needs to be suitably protected”. Information can be: InformationContinue reading “What is ISMS,CIA Triad”
