You're reading from Mastering Information Security Compliance Management A comprehensive handbook on ISO/IEC 27001:2022 compliance

Product type Paperback

Published in Aug 2023

Publisher Packt

ISBN-13 9781803231174

Length 236 pages

Edition 1st Edition

Concepts

Information Security

Authors (2):

Greeshma M. R.

Adarsh Nair

View More author details

Table of Contents (19) Chapters

Preface

1. Part 1: Setting the Stage – Definitions, Concepts, Principles, Standards, and Certifications

2. Chapter 1: Foundations, Standards, and Principles of Information Security FREE CHAPTER

3. Chapter 2: Introduction to ISO 27001

4. Part 2: The Protection Strategy – ISO/IEC 27001/02 Design and Implementation

5. Chapter 3: ISMS Controls

6. Chapter 4: Risk Management

7. Chapter 5: ISMS – Phases of Implementation

8. Chapter 6: Information Security Incident Management

9. Chapter 7: Case Studies – Certification, SoA, and Incident Management

10. Part 3: How to Sustain – Monitoring and Measurement

11. Chapter 8: Audit Principles, Concepts, and Planning

12. Chapter 9: Performing an Audit

13. Chapter 10: Audit Reporting, Follow-Up, and Strategies for Continual Improvement

14. Chapter 11: Auditor Competence and Evaluation

15. Chapter 12: Case Studies – Audit Planning, Reporting Nonconformities, and Audit Reporting

16. Index

Why subscribe?

17. Other Books You May Enjoy

Appendix – Terms and Definitions

Audit program

An audit program is the master plan for conducting an audit or set of audits that are to be undertaken in a specific timeframe and for a specific purpose. For example, the purpose could be to certify the information security management system of a company against ISO 27001. It gives a direction for the proper execution of audits. The ISO 19011:2018 standard offers instructions on how to manage audit program improvements in a systematic manner.

The objectives of the audit program should align with the policies and goals of the management system in addition to meeting regulatory and statutory requirements.

For third-party audits, the audit program must comprise an initial audit (Stage 1 – document review and Stage 2 – evaluating the implementation and effectiveness of the management system[s]), surveillance audits in the first and second years (after certification audits), and a recertification audit in the third year prior to the expiration of certification...

The rest of the chapter is locked

You're reading from Mastering Information Security Compliance Management A comprehensive handbook on ISO/IEC 27001:2022 compliance

Table of Contents (19) Chapters

Audit program

Unlock this book and the full library FREE for 7 days

Authors (2)

Personalised recommendations for you