Howard and Jim chat about ISO/IEC 27007 – Guidelines for information security management systems auditing.
Items discussed include:
- Plan – Do – Check – Act Approach.
- Getting clients to ask their auditees whether each procedure, as it has actually been implemented, is delivering the results they want.
- The purpose of auditing is to see whether you are getting the results you want.
- Part of the audit is to check whether the objectives themselves are sensible.
- Asking the auditees during the audit whether they see any way the procedures, processes, or their implementation could be improved.
- The recommended frequency for performing audits.
- Reviewing the competency of the individuals and teams assigned to perform the audit.
During the next episode of the ISO review Podcast, we’ll discuss the Statement of Applicability document.