The audit process can be a daunting one as an auditor can direct questions at any employee within your organisation. Written in a clear plain style, this pocket guide offers a tried and tested briefing, and should be issued to staff in advance of the audit to help them prepare for the experience and be well equipped to answer questions when asked.
This pocket book explains what an ISO 27001 assessment is, why organisations bother with them, and what individual staff should do and, perhaps as importantly, not do if an auditor chooses to question them.
The book covers:
- What an assessment is
- Why information security is important
- What happens during an assessment
- What to consider when answering an auditor';s questions
- What happens when an auditor finds something wrong
- Your policies and how to prepare
- Further information: who to ask
This pocket book is the perfect tool to train everybody inside your organisation to play their part in your ISO 27001 assessment.
Table of Contents
- ITG POCKET GUIDES
- CHAPTER 1: WHAT ARE ASSESSMENTS?
- CHAPTER 2: WHY INFORMATION SECURITY?
- CHAPTER 3: WHAT ACTUALLY HAPPENS DURING AN ASSESSMENT?
- CHAPTER 4: ANSWERING AUDITORS’ QUESTIONS
- CHAPTER 5: WHAT HAPPENS WHEN THE AUDITOR FINDS SOMETHING WRONG?
- CHAPTER 6: POLICIES
- CHAPTER 7: FURTHER ADVICE AND ASSISTANCE
- APPENDIX 1: DEFINITIONS OF TERMS
- Title: ISO27001 Assessments Without Tears
- Release date: March 2007
- Publisher(s): IT Governance Publishing
- ISBN: 9781849281164