《一招教会你执行ISO27001英文.pptVIP

* Initial audit and certification Stage 1 audit (IS ) Document review Document review to be completed prior to Stage 2 In a written report Further types of information and records may be required for detailed examination during Stage 2 Evaluation only. Created with Aspose.Slides for .NET 3.5 Client Profile . Copyright 2004-2011 Aspose Pty Ltd. Initial audit and certification Stage 2 audit (IS ) To confirm that organization adheres to its own policies, objectives and procedures; To confirm that the ISMS conforms to all the requirements of the normative ISMS standard ISO/IEC 27001 and is achieving the organization’s policy objectives Evaluation only. Created with Aspose.Slides for .NET 3.5 Client Profile . Copyright 2004-2011 Aspose Pty Ltd. Focus of Stage 2 audit a) assessment of information security related risks; b) documentation requirements listed in Clause 4.3.1 of ISO/IEC 27001:2005; c) selection of control objectives and controls based on the risk assessment and risk treatment processes; Evaluation only. Created with Aspose.Slides for .NET 3.5 Client Profile . Copyright 2004-2011 Aspose Pty Ltd. Focus of Stage 2 audit d) reviews of the effectiveness of the ISMS and measurements of the effectiveness of the information security controls, reporting and reviewing against the ISMS objectives; e) internal ISMS audits and management reviews; f) management responsibility for the information security policy; Evaluation only. Created with Aspose.Slides for .NET 3.5 Client Profile . Copyright 2004-2011 Aspose Pty Ltd. Focus of Stage 2 audit g) correspondence between the selected and implemented controls, the Statement of Applicability, and the results of the risk assessment and risk treatment process, and the ISMS policy and objectives; Evaluation only. Created with Aspose.Slides for .NET 3.5 Client Profile . Copyright 2004-2011 Aspose Pty Ltd. Focus of Stage 2 audit h) implementation of controls, taking into account the organizations measurements of effectivenes