Are you ready for an ISMS audit based on ISO/IEC 27001?

BIP 0072:2005

Status: Revised, Superseded, Withdrawn
Published: September 2005


Edward Humphreys & Angelika Plate

This revised publication is in line with the 2005 editions of BS ISO/IEC 17799 and BS ISO/IEC 27001 Information technology. Security techniques. Information security management systems. Requirements. It includes an ISMS process check and a gap analysis workbook.

This book is primarily for use by organizations seeking to prepare for certification to BS ISO/IEC 27001 (BS 7799-2). For this purpose it is recommended that the pre-certification assessment be carried out under the supervision of the person responsible for information security in the organization or by internal audit staff. System developers may also find it a useful reference document when considering the security aspects of new systems.

This guide is for organizations wishing to carry out an internal assessment of their information security management system (ISMS) against the requirements in ISO/IEC 27001:2005, either as a precursor to an internal ISMS audit or in preparation for a formal third-party ISMS certification audit (see Guidelines on Requirements and Preparations for ISMS Certification based on ISO/IEC 27001).

Contents of the guide to auditing a BS ISO/IEC 27001 ISMS include:

  • Scope of this guide
  • Use of the standards
  • Companion guides
  • Identifying the ISMS scope
  • How to use this guide
  • ISMS process requirements
  • Control requirements
  • ISMS processes workbook (assessment of ISMS process requirements)
  • Gap Analysis Workbook (assessment of ISMS controls)

About the authors

Edward Humphreys (Chartered Fellow of the BCS CITP, CISM) is Director of XiSEC Consultants Ltd, a UK company providing information security management and risk management consultancy services.

He has been an expert in this field for more than 35 years. During this time, he has worked around the world for major international companies as well as the DTI, European Commission and the OECD. Ted Humphreys is the editor of BS 7799 Part 1:1999, ISO/IEC 17799:2000, the 1999 and 2002 editions of BS 7799 Part 2 and EA 7/03, the ISMS accreditation guidelines, and the Chair of the ISO group responsible for these ISMS standards. He is the founder of the ISMS International User Group and in 2002 was honoured with the Secure Computing Lifetime Achievement Award as the internationally acknowledged author of these ISMS standards and for his noteworthy achievements in shaping the development of information security management best practice.

Dr Angelika Plate has been working as an expert in the area of information security for more than 10 years, including with the German Information Security Agency (1993 – 1998) and now runs the German-based information security consulting company ÆXIS Security Consultants. Angelika Plate is directly involved in ISO activities, and was the editor of two international standards dealing with risk assessment, control selection and risk management. She is also the editor of the revised version of ISO/IEC 7799, which has now been published. Prior to that, she was involved in the revisions of BS 7799 Parts 1 and 2 in the UK and has been supporting and contributing to the development of ISO/IEC 27001. She is also working as technical support for UKAS assessors and is chairing the ISMS IUG Germany, which she founded in 2002.

Angelika Plate is speaking at BSI’s Information Security Conference in May. Read more about the 2nd Annual Information Security Conference.

Titles in this Information Security Management Systems Guidance Series include:

  • Guidelines on requirements and preparation for ISMS certification based on ISO/IEC 27001
  • Are you ready for an ISMS audit based on ISO/IEC 27001?
  • Guide to the implementation and auditing of ISMS controls based on ISO/IEC 27001
  • Measuring the effectiveness of your ISMS implementations based on ISO/IEC 27001

Standard Number: BIP 0072:2005
Title: Are you ready for an ISMS audit based on ISO/IEC 27001?
Status: Revised, Superseded, Withdrawn
Publication Date: 19 September 2005
Withdrawn Date: 13 November 2013
Replaces: PD 3003:2002
Descriptors: Data security, Quality auditing, Data processing, Computers, Management, Data storage protection IT and Information Management: Information Security
ISBN: 0 580 46003 7
File Size: 6.018 MB
