There are a number of documents that are available, in addition to the BS 7799 and ISO17799 standards themselves, and these include:
From BSI
- Information Security Management: An Introduction (PD 3000);
- Preparing for BS 7799 Certification (PD 3001);
- Guide to BS 7799 Risk Assessment and Risk Management (PD 3002);
- Are you ready for a BS 7799 Audit? (PD 3003);
- Guide to BS7799 Auditing (PD 3004);
- Guide on the Selection of BS 7799 Controls (PD 3005).
Other publishers
- ISO Guide 62 – General Requirements for Bodies Operating Assessment / Registration of Quality Systems (to merge with ISO Guide 66 to become ISO 17021);
- EA-7/03 – Guidelines for the Accreditation of Bodies Operating Certification/ Registration of Information Security Management Systems;
- ISO 19011 – Guidelines for Quality and / or Environmental Management Systems Auditing.
A number of books have been published on the BS 7799 process, a check of the local IT Bookshop or Amazon should provide numerous titles from which to choose.
The types of Audit that may be undertaken in an organization
There are a number of audits that may be undertaken in an organisation, and these include:
- First Party (Internal Audit) – Within an organisation, internal review etc;
- Second Party (Supplier Audit) – Of a supplier or contractor
- Third Party Audit – By a CB
Back to : How does the BS7799 / ISO 27001 certification audit process actually work?
Source : http://17799-news.the-hamster.com/interviews/interview4-audit.htm
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment