Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Mastering Information Security Compliance Management

You're reading from   Mastering Information Security Compliance Management A comprehensive handbook on ISO/IEC 27001:2022 compliance

Arrow left icon
Product type Paperback
Published in Aug 2023
Publisher Packt
ISBN-13 9781803231174
Length 236 pages
Edition 1st Edition
Arrow right icon
Authors (2):
Arrow left icon
Greeshma M. R. Greeshma M. R.
Author Profile Icon Greeshma M. R.
Greeshma M. R.
Adarsh Nair Adarsh Nair
Author Profile Icon Adarsh Nair
Adarsh Nair
Arrow right icon
View More author details
Toc

Table of Contents (19) Chapters Close

Preface 1. Part 1: Setting the Stage – Definitions, Concepts, Principles, Standards, and Certifications
2. Chapter 1: Foundations, Standards, and Principles of Information Security FREE CHAPTER 3. Chapter 2: Introduction to ISO 27001 4. Part 2: The Protection Strategy – ISO/IEC 27001/02 Design and Implementation
5. Chapter 3: ISMS Controls 6. Chapter 4: Risk Management 7. Chapter 5: ISMS – Phases of Implementation 8. Chapter 6: Information Security Incident Management 9. Chapter 7: Case Studies – Certification, SoA, and Incident Management 10. Part 3: How to Sustain – Monitoring and Measurement
11. Chapter 8: Audit Principles, Concepts, and Planning 12. Chapter 9: Performing an Audit 13. Chapter 10: Audit Reporting, Follow-Up, and Strategies for Continual Improvement 14. Chapter 11: Auditor Competence and Evaluation 15. Chapter 12: Case Studies – Audit Planning, Reporting Nonconformities, and Audit Reporting 16. Index 17. Other Books You May Enjoy Appendix – Terms and Definitions

Initiating the audit

The auditor must start the audit by getting in touch with the process owner and making sure the audit is possible. When doing an audit, it’s better to make sure someone is there to present evidence than to try to catch them by surprise. It’s also important to note that the audit team leader is the one who is ultimately responsible for how an audit is done.

Initiating an audit usually involves two steps, as mentioned here:

  1. Establishing initial contact with the auditee: To establish contact with the auditee, the auditor and auditee decide on the communication channels. Both parties agree on the objectives, scope, methods, and composition of the audit team, which may include observers, guides, technical experts, or other roles. Any problems with the composition should be worked out at this point. The audit team intends to see relevant documents and records so that they can plan the audit. The laws and regulations that apply are considered...
lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at €18.99/month. Cancel anytime