Sep 24 2024

How to Conduct an ISO 27001 Internal Audit

Category: ISO 27kdisc7 @ 2:19 pm

The blog post provides a detailed guide on conducting an ISO 27001 audit, which is crucial for ensuring compliance with information security standards. It covers both internal and certification audits, explaining their purposes, the audit process, and steps such as setting the audit criteria, reviewing documentation, conducting a field review, and reporting findings. The article also emphasizes the importance of having an independent auditor and following up on corrective actions to ensure proper risk management.

In this blog

For more details, you can read the full post here.

ISO Internal Audit – A Plain English Guide: A Step-by-Step Handbook for Internal Auditors in Small Businesses

ISO 27001 Controls Handbook: Implementing and auditing 93 controls to reduce information security risks

ISO/IEC 27001:2022, Third Edition: Information security, cybersecurity and privacy protection – Information security management systems

ISO/IEC 27002:2022, Third Edition: Information security, cybersecurity and privacy protection – Information security controls 

Checkout our previous ISO27k posts | ISO 27k Chat bot

InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory | ISO 27k Chat bot

Tags: isms, iso 27001, iso 27001 certification, ISO 27001 Internal Audit, iso 27002


Aug 05 2023

ISO 27001 Internal Audit Report Template

Category: ISO 27kdisc7 @ 11:45 am

ISO 27001 Internal Auditor Course

Internal Auditing in Plain English: A Simple Guide to Super Effective ISO Audits 

Transition plan from ISO 27001 2013 to ISO 27001 2022

Why the updated ISO 27001 standard matters to every business’ security

Detailed explanation of 11 new security controls in ISO 27001:2022

6 Pocket eBooks every ISO professional should read

ISO 27001 Internal Audit

Tool for defining the ISO 27001 ISMS scope

Risk Management document templates

ISO 27001 & ISO 27017 & ISO 27018 CLOUD DOCUMENTATION TOOLKIT

IMPLEMENT ISO 27001 AND ISO 22301 EFFORTLESSLY

How to Maintain ISO 27001 Certification: 7 Top Tips

Implementing an ISMS – The nine Steps approach

ISO 27001 CyberSecurity Toolkit

Top 3 ITG ISO 27001 books 

Enhance your privacy management with ISO 27701

ISO/IEC 27701 2019 Standard and Toolkit

CISSP training course

InfoSec tools | InfoSec services | InfoSec books

Tags: ISO 27001 Internal Audit, ISO 27001 Internal Auditor Course, ISO 270012022, ISO 270022022


Sep 19 2022

ISO 27001 Internal Audit

Category: Information Security,ISO 27kDISC @ 12:40 pm

DISC LLC presents a phase approach to deliver ISO 27001 Internal Audit services to SaaS businesses. 

ISO27001 Internal Audit Service - iTGRC security and compliance advisory  group

The Engagement:

We understand that your core business is your SaaS application and you desire an audit.  The audit is to be an independent assessment of the company’s ISMS, to measure the maturity of the program, to identify if the program is ready to pass the certification audit for ISO 27001:2013 certification, and provide strategic guidance for achieving the certification.  Our focus will be your application which is hosted at AWS/Azure and you have xxx employees who create, maintain, and manage the application.

The audit will be conducted remotely and we will have a dedicated contact person assigned to our audit team to facilitate access to documentation, records, and select staff for interviews.  We will complete your standard audit process documentation according to the ISO 27001 standard. 

The Plan:

Below is our high-level audit plan for your ISO 27001internal audit.  We propose a staged and flexible approach so we may progressively tune our audit process to deliver maximum business value to you.

Phase 1: This phase starts within a week one of signing of an engagement contract.  First step is a kickoff meeting to discuss the overall audit engagement, to finalize the formal audit plan, and to establish access to documents to be reviewed. We will review the available documents based on the ISO27001 standard. At the end of this phase we will present our findings in a briefing session.

Phase2: Phase 2 kickoff will be based on the document review and coordinate scheduling interviews that focus on critical processes to establishing the degree that the various control procedures have been activated. This is a critical part of the audit process. We will measure the maturity of required controls that has been implemented and present the findings for review within another review session (schedule subject to availability for interviews). 

Phase 3: Recommendations will be the focus of this phase.  This will also start with a kickoff meeting to establish a coordinated plan for what measures are already planned and what new measures are required to actually pass (to-be state) the certification audit.  This final step can save you a lot of effort as we can help you navigate to the end goal of passing the audit and also create the precise measures that have maximum business value.  The closing meeting of this phase will present our collective recommendations.

All of the efforts outlined above are aligned to a compliant internal audit process with a few enhancements that are value-add.  These audit records will likely be a primary target of the certification audit so they need to be well executed.  Your controls also have to be tailored to your business. We can help get you certified but that doesn’t mean you are actually secure.  We can help you do both.  Missing the secure part would be devastating to you and to all of your customers. This is our value-add. 

If you have a question about ISO 27001 internal audit:

LIST OF Materials for ISO Internal Audit

Checkout our latest articles on ISO 27001/2

DISC InfoSec

#InfoSecTools and #InfoSectraining

#InfoSecLatestTitles

#InfoSecServices

Follow DISC #InfoSec blog

Ask DISC an InfoSec & compliance related question

email: Info@DeuraInfoSec.com

Tags: Internal audit, iso 27001, ISO 27001 2013 Gap Assessment, ISO 27001 Internal Audit