CHAPTER 3: WHAT ACTUALLY HAPPENS DURING AN ASSESSMENT?

With respect to each standard your organisation is assessed against, the auditors from the third party accreditation body are ‘assessing’ three things:

• That your policy, manual and procedures satisfy the requirements of ISO 27001 (this is the responsibility of the senior management);

• That you meet the aims of the relevant policy (more on this later);

• That you do what your procedures say you do – this is verified by asking anyone questions.

Before the assessment the auditor agrees with your organisation the scope (area of assessment), timing and size of the assessment, taking a sample of things to look at across the overall operation. So, in assessing your organisation’s information ...
