To install click the Add extension button. That's it.

The source code for the WIKI 2 extension is being checked by specialists of the Mozilla Foundation, Google, and Apple. You could also do it yourself at any point in time.

4,5
Kelly Slayton
Congratulations on this excellent venture… what a great idea!
Alexander Grigorievskiy
I use WIKI 2 every day and almost forgot how the original Wikipedia looks like.
Live Statistics
English Articles
Improved in 24 Hours
Added in 24 Hours
Languages
Recent
Show all languages
What we do. Every page goes through several hundred of perfecting techniques; in live mode. Quite the same Wikipedia. Just better.
.
Leo
Newton
Brights
Milds

From Wikipedia, the free encyclopedia

ISO/IEC 27007 is a standard on Information security, cybersecurity and privacy protection that provides guidance on managing an information security management system (ISMS) audit programme, on conducting audits, and on the competence of ISMS auditors, in addition to the guidance contained in ISO 19011. This standard is applicable to those needing to understand or conduct internal or external audits of an ISMS or to manage an ISMS audit programme. It was published on November 14, 2011, and revised on January 21, 2020.

It is part of the ISO/IEC 27000-series family of standards about information security management system (ISMS), which is a systematic approach to securing sensitive information,[1] of ISO/IEC. It provides standards for a robust approach to managing information security and building resilience.[2]

Overview

The standard is about [3] how an information security management system audit can be performed based on a variety of audit criteria, separately or in combination, which include, among others:

  • Requirements defined in ISO/IEC 27001:2013.
  • Policies and requirements specified by relevant interested parties.
  • Statutory and regulatory requirements.
  • ISMS processes and controls defined by the organization or other parties.
  • Management system plan(s) relating to the provision of specific outputs of an ISMS (e.g., plans to address risks and opportunities when establishing ISMS, plans to achieve information security objectives, risk treatment plans, project plans).

This standard is applicable to all types of organizations regardless of size and ISMS audits of varying scopes and scales, including those conducted by large audit teams, typically of larger organizations, and those by single auditors, whether in large or small organizations.

It concentrates on ISMS internal audits (first party) and ISMS audits conducted by organizations on their external providers and other external interested parties (second party). This document can also be useful for ISMS external audits conducted for purposes other than third party management system certification. ISO/IEC 27006 provides requirements for auditing ISMS for third party certification.

Terms and structure

The terms and definitions given in this standard are defined within the standard ISO/IEC 27000. The ISO/IEC 27007 standard is structured as follows: [4]

  • Principles of auditing
  • Managing and audit programme
  • Conducting an audit
  • Competence and evaluation of auditors

In addition to that, it has 1 annex (A):

  • Annex A - Guidance for ISMS auditing practice

References

  1. ^ "BS EN ISO/IEC 27001 Information Security Management – Precise definition of ISMS". www.iso.org. Retrieved 13 April 2020.
  2. ^ "BS EN ISO/IEC 27001 Information Security Management – More about ISMS in ISO/IEC 27001". www.bsigroup.com. Retrieved 13 April 2020.
  3. ^ "BS EN ISO/IEC 27007 Information Security Management – About ISO/IEC 27007". webstore.iec.ch. Retrieved 13 April 2020.
  4. ^ "BS EN ISO/IEC 27007:2020 – Preview of contents of ISO/IEC 27007:2020". www.iso.org. Retrieved 14 April 2020.

External links

This page was last edited on 29 June 2023, at 21:24
Basis of this page is in Wikipedia. Text is available under the CC BY-SA 3.0 Unported License. Non-text media are available under their specified licenses. Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc. WIKI 2 is an independent company and has no affiliation with Wikimedia Foundation.