Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Mastering Information Security Compliance Management

You're reading from   Mastering Information Security Compliance Management A comprehensive handbook on ISO/IEC 27001:2022 compliance

Arrow left icon
Product type Paperback
Published in Aug 2023
Publisher Packt
ISBN-13 9781803231174
Length 236 pages
Edition 1st Edition
Arrow right icon
Authors (2):
Arrow left icon
Greeshma M. R. Greeshma M. R.
Author Profile Icon Greeshma M. R.
Greeshma M. R.
Adarsh Nair Adarsh Nair
Author Profile Icon Adarsh Nair
Adarsh Nair
Arrow right icon
View More author details
Toc

Table of Contents (19) Chapters Close

Preface 1. Part 1: Setting the Stage – Definitions, Concepts, Principles, Standards, and Certifications
2. Chapter 1: Foundations, Standards, and Principles of Information Security FREE CHAPTER 3. Chapter 2: Introduction to ISO 27001 4. Part 2: The Protection Strategy – ISO/IEC 27001/02 Design and Implementation
5. Chapter 3: ISMS Controls 6. Chapter 4: Risk Management 7. Chapter 5: ISMS – Phases of Implementation 8. Chapter 6: Information Security Incident Management 9. Chapter 7: Case Studies – Certification, SoA, and Incident Management 10. Part 3: How to Sustain – Monitoring and Measurement
11. Chapter 8: Audit Principles, Concepts, and Planning 12. Chapter 9: Performing an Audit 13. Chapter 10: Audit Reporting, Follow-Up, and Strategies for Continual Improvement 14. Chapter 11: Auditor Competence and Evaluation 15. Chapter 12: Case Studies – Audit Planning, Reporting Nonconformities, and Audit Reporting 16. Index 17. Other Books You May Enjoy Appendix – Terms and Definitions

Preparing audit activities

The administration of the audit operations is covered in depth in the audit activities of ISO 19011. This methodical technique can assist in ensuring that your audits are efficient and reliable and strengthen the audit system. The individual steps in the process are detailed here:

  1. Performing the document review: After the initiation process, the required documents must be reviewed. This helps in determining the extent of the system documentation for the audit and to analyze any gap which decides the audit plan in the following step. These documents include but are not limited to the following:
    • Information Security Management System (ISMS) scope and objectives
    • Information Security (IS) policy
    • ISMS risk register
    • Statement of Applicability (SoA)
    • Legal records
    • Monitoring and measurement records
    • Records of corrective actions
    • Management reviews

The management system’s documented information must be analyzed in order to comprehend the auditee’...

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at €18.99/month. Cancel anytime