ISO/IEC 27007 explained

ISO/IEC 27007 is a standard on Information security, cybersecurity and privacy protection that provides guidance on managing an information security management system (ISMS) audit programme, on conducting audits, and on the competence of ISMS auditors, in addition to the guidance contained in ISO 19011. This standard is applicable to those needing to understand or conduct internal or external audits of an ISMS or to manage an ISMS audit programme. It was published on November 14, 2011, and revised on January 21, 2020.

It is part of the ISO/IEC 27000-series family of standards about information security management system (ISMS), which is a systematic approach to securing sensitive information,[1] of ISO/IEC. It provides standards for a robust approach to managing information security and building resilience.[2]

Overview

The standard is about [3] how an information security management system audit can be performed based on a variety of audit criteria, separately or in combination, which include, among others:

This standard is applicable to all types of organizations regardless of size and ISMS audits of varying scopes and scales, including those conducted by large audit teams, typically of larger organizations, and those by single auditors, whether in large or small organizations.

It concentrates on ISMS internal audits (first party) and ISMS audits conducted by organizations on their external providers and other external interested parties (second party). This document can also be useful for ISMS external audits conducted for purposes other than third party management system certification. ISO/IEC 27006 provides requirements for auditing ISMS for third party certification.

Terms and structure

The terms and definitions given in this standard are defined within the standard ISO/IEC 27000. The ISO/IEC 27007 standard is structured as follows: [4]

In addition to that, it has 1 annex (A):

References

  1. Web site: BS EN ISO/IEC 27001 Information Security Management – Precise definition of ISMS. www.iso.org. 13 April 2020.
  2. Web site: BS EN ISO/IEC 27001 Information Security Management – More about ISMS in ISO/IEC 27001. www.bsigroup.com. 13 April 2020.
  3. Web site: BS EN ISO/IEC 27007 Information Security Management – About ISO/IEC 27007. webstore.iec.ch. 13 April 2020.
  4. Web site: BS EN ISO/IEC 27007:2020 – Preview of contents of ISO/IEC 27007:2020. www.iso.org. 14 April 2020.

External links