Being Audited to ISO/IEC 27001
Once all the requirements of ISO/IEC 27001 have been met, you can apply for an external audit. This should be carried out by a third party, an accredited certification body. In the UK, the body should be accredited by UKAS (look for the 'crown and tick' logo). The chosen certification body will first review the relevant documentation. This should include the declared policy, the scope of the ISMS, the documents covering the risk assessment, the risk treatment plan, the Statement of Applicability and the documented security procedures. The auditors will also check that you have identified and implemented the controls that are appropriate to the size and type of your business. This review is normally carried out at your premises, as this is the best option for both parties. It is followed at a later date by a full on-site audit to ensure that working practices follow these procedures and stated objectives, and that appropriate records are kept. After a successful audit, a certificate of registration to ISO/IEC 27001 will be issued. There will then be surveillance visits (usually once or twice a year) to ensure that the system continues to work.
Stiki Ltd.
20 Garrick Street
London, WC2E 9BT
Tel: +44 (0) 203 178 4732
E-mail: stikiuk@stiki.eu
Using RM Studio saves both time and consultancy costs by streamlining the risk assessment process with built-in consultancy and know-how.