Information security, cybersecurity and privacy protection. Guidelines for information security management systems auditing

What is BS ISO/IEC 27007:2020 about?

All Information Security Management Systems (ISMS) should be audited to ensure they’re operating successfully. BS ISO/IEC 27007:2020 is an essential supporting standard giving guidance on conducting first-party (internal) and second-party (external) audits of an ISMS.

Who is BS ISO/IEC 27007:2020 for?

  • Anyone who has, or plans to implement, an ISMS based on BS ISO/IEC 27001
  • External auditors who wish to perform ISMS audits
  • Anyone needing insight into the practical aspects of how an ISO/IEC 27001 ISMS can and will be assessed
  • Accredited certification bodies
  • Auditors

Why should you use BS ISO/IEC 27007:2020?

Internal auditing is an essential requirement of BS EN ISO/IEC 27001. BS ISO/IEC 27007:2020 provides guidance on managing an ISMS audit programme, on conducting audits and on the competence of ISMS auditors.

The audit can be conducted against a range of audit criteria, separately or in combination, including but not limited to:

  • Requirements defined in ISO/IEC 27001:2013
  • Policies and requirements specified by relevant interested parties
  • Statutory and regulatory requirements
  • ISMS processes and controls defined by the organization or other parties
  • Management system plan(s) relating to the provision of specific outputs of an ISMS (e.g. plans to tackle risks and opportunities when establishing the ISMS, plans to achieve information security objectives, risk treatment plans, project plans)

This document concentrates on ISMS internal audits (first party) and ISMS audits conducted by organizations on their external providers and other external interested parties (second party).

BS ISO/IEC 27007:2020 follows the structure of, and is to be used in conjunction with, the guidance contained in BS EN ISO 19011:2018.

It should be adapted as appropriate to the scope, complexity and scale of the ISMS audit programme. Ultimately, the standard can help:

  • Improve efficiency
  • Increase trust
  • Manage risk

NOTE: BS ISO/IEC 27006 provides requirements for auditing an ISMS for third-party certification; BS ISO/IEC 27007:2020 can provide useful additional guidance in that context.

In addition, BSI is committed to the UN Sustainable Development Goals. BS ISO/IEC 27007:2020 supports Goal 9, which focuses on building a resilient infrastructure, promoting inclusive and sustainable industrialization and fostering innovation. By helping organizations secure their information effectively, the standard supports their resilience, sustainability and effectiveness in achieving their own sustainable development goals.