What is ISO 27001? A brief summary of the standard

ISO 27001 is the internationally recognised standard for managing risks to the security of the information an organisation holds. It takes a process-based approach to establishing, implementing, operating, monitoring, maintaining and improving an information security management system (ISMS), and it is the standard against which an ISMS can be independently certified.

What are the controls in ISO 27001?

ISO 27001 controls list: Annex A of ISO/IEC 27001:2013 is divided into 14 control sets (A.5 to A.18); the first six are:

  • 5 – Information security policies (2 controls)
  • 6 – Organisation of information security (7 controls)
  • 7 – Human resource security (6 controls)
  • 8 – Asset management (10 controls)
  • 9 – Access control (14 controls)
  • 10 – Cryptography (2 controls)

How do you explain ISO 27001?

ISO 27001 (formally ISO/IEC 27001, first published as ISO/IEC 27001:2005 and revised in 2013) is a specification for an information security management system (ISMS). An ISMS is a framework of policies and procedures that covers all the legal, physical and technical controls involved in an organisation’s information risk management processes.

How many controls does ISO 27001 have?

114 controls (ISO/IEC 27001:2013)
ISO 27001 controls and requirements: the 2013 edition of ISO 27001 lists 114 controls in Annex A, with implementation guidance for each expanded on in ISO/IEC 27002. Together they provide a framework for identifying, treating and managing information security risks. Note that the 2022 revision restructured Annex A into 93 controls grouped under four themes (organisational, people, physical and technological), so the figure of 114 applies to the 2013 edition.

What are the two parts of ISO 27001?

ISO 27001 is made up of two parts: the main body of the standard (clauses 4 to 10), which sets out the mandatory requirements for the ISMS itself, and Annex A, which lists the 114 controls. ISO/IEC 27002 is a separate companion standard that gives implementation guidance for those Annex A controls; it is often referred to alongside them, but it is not part of ISO 27001 and an organisation cannot be certified against it.

How many controls are there in ISO 27001 annex a?

There are 114 ISO 27001 Annex A controls, divided into 14 categories (A.5 to A.18). A.5 Information security policies (2 controls): how policies are written, approved and reviewed. A.6 Organisation of information security (7 controls): the assignment of responsibilities for specific security tasks.

Who is the lead auditor for ISO 27001?

The lead auditor is the auditor who heads the audit team sent by an accredited certification body to assess an organisation’s ISMS against ISO 27001; they plan the audit, lead the opening and closing meetings, decide whether the evidence supports each finding and recommend whether certification should be granted or maintained. “ISO 27001 Lead Auditor” is also the title of the common training qualification for this role, and auditors in it are typically expected to work both independently and as part of a team and to have experience of an actual ISO 27001 implementation.

What are the duties of an ISO internal auditor?

An internal auditor carries out the internal audits that clause 9.2 of ISO 27001 requires at planned intervals: checking that the ISMS conforms to the organisation’s own requirements and to the standard, that the Annex A controls selected in the risk treatment plan are actually implemented and effective, and that the results are reported to management so that nonconformities can be corrected (clause 10.1) and fed into the management review (clause 9.3). The auditor must be objective and impartial, so they should not audit their own work. Related duties commonly bundled with the role include Sarbanes-Oxley (SOX) control testing for financial system governance, Customer Proprietary Network Information (CPNI) control audits, periodic user identity and access management (IAM) reviews and business approval reviews of access rights, developing SOX control testing plans, and recovering deleted data for litigation and IT service needs.