New Podcast: ISO 27007 – Guidance for Information Security Management Systems Auditing

Howard and Jim chat about ISO 27007 – Guidance for Information Security Management Systems Auditing.

Items discussed include:

  • The Plan – Do – Check – Act approach.
  • Getting clients to ask their auditees whether the procedure, as it has actually been implemented, is delivering the results they want.
  • The purpose of auditing is to see if you’re getting the results you want.
  • Part of the audit is to see if the objectives are really sensible.
  • Asking during the audit if there’s any possible way the auditees think that procedures, processes, and the implementation could be improved.
  • The recommended frequency for performing audits.
  • Review the competency of the individuals and teams assigned to perform the audit.


During the next episode of the ISO review Podcast, we’ll discuss the Statement of Applicability document.