The audit process can be a daunting one as an auditor can direct questions at any employee within your organisation. Written in a clear plain style, this pocket guide offers a tried and tested briefing, and should be issued to staff in advance of the audit to help them prepare for the experience and be well equipped to answer questions when asked.
This pocket book explains what an ISO 27001 assessment is, why organisations bother with them, and what individual staff should do and, perhaps as importantly, not do if an auditor chooses to question them.
The book covers:
- What an assessment is
- Why information security is important
- What happens during an assessment
- What to consider when answering an auditor';s questions
- What happens when an auditor finds something wrong
- Your policies and how to prepare
- Further information: who to ask
This pocket book is the perfect tool to train everybody inside your organisation to play their part in your ISO 27001 assessment.
Table of contents
- ITG POCKET GUIDES
- CHAPTER 1: WHAT ARE ASSESSMENTS?
- CHAPTER 2: WHY INFORMATION SECURITY?
- CHAPTER 3: WHAT ACTUALLY HAPPENS DURING AN ASSESSMENT?
- CHAPTER 4: ANSWERING AUDITORS’ QUESTIONS
- CHAPTER 5: WHAT HAPPENS WHEN THE AUDITOR FINDS SOMETHING WRONG?
- CHAPTER 6: POLICIES
- CHAPTER 7: FURTHER ADVICE AND ASSISTANCE
- APPENDIX 1: DEFINITIONS OF TERMS
- Title: ISO27001 Assessments Without Tears
- Release date: March 2007
- Publisher(s): IT Governance Publishing
- ISBN: 9781849281164
You might also like
Hands-On Machine Learning with Scikit-Learn, Keras, and TensorFlow, 2nd Edition
Through a series of recent breakthroughs, deep learning has boosted the entire field of machine learning. …
Guide: Reporting on an Entity's Cybersecurity Risk Management Program and Controls
Created by the AICPA, this authoritative guide provides interpretative guidance to enable accountants to examine and …
The Official (ISC)2 Guide to the CISSP CBK Reference, 5th Edition
The only official, comprehensive reference guide to the CISSP All new for 2019 and beyond, this …
Information Security Policies, Procedures, and Standards
Information Security Policies, Procedures, and Standards: A Practitioner's Reference gives you a blueprint on how to …