Stage 1 is a preliminary, informal review of the ISMS, for example checking the existence and completeness of key documentation such as the organization's information security policy, Statement of Applicability (SoA) and Risk Treatment Plan (RTP).The ISO/IEC 27001 certification, like other ISO management system certifications, usually involves a three-stage external audit process defined by the ISO/IEC 17021 and ISO/IEC 27006 standards: Act (update and improvement of the ISMS) Undertake corrective and preventive actions, on the basis of the results of the ISMS internal audit and management review, or other relevant information to continually improve the said system. Check (monitoring and review of the ISMS) Assess and, if applicable, measure the performances of the processes against the policy, objectives and practical experience and report results to management for review. Do (implementing and workings of the ISMS) Implement and exploit the ISMS policy, controls, processes and procedures. Plan (establishing the ISMS) Establish the policy, the ISMS objectives, processes and procedures related to risk management and the improvement of information security to provide results in line with the global policies and objectives of the organization. 27001:2005 applied this to all the processes in ISMS. The 2002 version of BS 7799-2 introduced the Plan-Do-Check-Act (PDCA) cycle aligning it with quality standards such as ISO 9000.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |