BS ISO/IEC 27007:2011 - Information technology. Security techniques. Guidelines for information security management systems auditing – BSI British Standards

BS ISO/IEC 27007:2011

Information technology. Security techniques. Guidelines for information security management systems auditing

Status: Superseded, Withdrawn
Published: December 2011
Replaced by: BS ISO/IEC 27007:2017

WITHDRAWN TITLE
To ask about withdrawn titles, contact BSI Customer Services: cservices@bsigroup.com, +44 345 086 9001


BS ISO/IEC 27007:2011
Information security management systems – Guidelines for information security management systems auditing

What is it?

BS ISO/IEC 27007:2011 provides guidance on how to audit an Information Security Management System (ISMS) built using BS ISO/IEC 27001. It is a specialist supplement to BS EN ISO/IEC 19011, the generic international standard on auditing management systems. Unlike BS ISO/IEC 27006, which is only relevant to audits for the purposes of external certification, BS ISO/IEC 27007 applies to all forms of auditing, whether internal or external.

BS ISO/IEC 27007:2011 is applicable to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations, that use an ISMS built using BS ISO/IEC 27001. Internal auditing is an essential requirement of BS ISO/IEC 27001.

How does it work?

BS ISO/IEC 27007:2011 provides guidance on managing an information security management system (ISMS) audit programme, on conducting the audits, and on the competence requirements for ISMS auditors.

BS ISO/IEC 27007:2011 follows the same structure as BS EN ISO/IEC 19011, and is designed to be used as a supplement to that international standard. Where necessary, it specifies the additional guidance needed to audit an ISMS built using BS ISO/IEC 27001. An annex to BS ISO/IEC 27007:2011 identifies each section of ISO/IEC 27001:2005 with auditable requirements, and specifies good audit practice to assess whether each of those requirements has been met.

Who should buy it?

Anyone who has, or plans to implement, an ISMS based on BS ISO/IEC 27001 needs BS ISO/IEC 27007:2011. It is an essential supporting standard needed to operate an ISMS successfully.

It is an essential document for external auditors who wish to perform ISMS audits.

It will also be useful for anyone needing insight into the practical aspects of how an ISO/IEC 27001 ISMS can and will be assessed.



Revision

BS ISO/IEC 27007:2011 is currently being revised to align with the new edition of ISO/IEC 27001, BS ISO/IEC 27001:2013. Although the audit requirements in the new edition of ISO/IEC 27001 have been restructured, most audit practice and guidance within BS ISO/IEC 27004:2009 is equally applicable to an ISMS built using the latest edition of ISO/IEC 27001.

Until a new edition of BS ISO/IEC 27007 is published, there are a number of books available from the BSI Shop that explain the differences in audit practice required between the two versions of BS ISO/IEC 27001. Particularly recommended is BIP 0072:2013 Are you ready for an ISMS audit based on ISO/IEC 27001?




Standard Number: BS ISO/IEC 27007:2011
Title: Information technology. Security techniques. Guidelines for information security management systems auditing
Status: Superseded, Withdrawn
Publication Date: 31 December 2011
Withdrawn Date: 19 October 2017
Normative References (required to achieve compliance to this standard): ISO/IEC 27001:2005, ISO/IEC 27000:2009, ISO 19011:2011
Informative References (provided for information): ISO/IEC 27002, ISO/IEC 27006, ISO/IEC 27001, IAF MD1:2007, ISO/IEC 17021:2011, ISO/IEC 27002:2005, ISO/IEC 27005, ISO/IEC 27006:2007, ISO/IEC 27003:2010, ISO/IEC 27004:2009, ISO/IEC 27005:2011
Replaced By: BS ISO/IEC 27007:2017
International Relationships: ISO/IEC 27007:2011
Draft Superseded By: 10/30162769 DC
Descriptors: Computer networks, Personnel, Anti-burglar measures, Data processing, Management, Auditors, Computers, Records (documents), Documents, Data security, Information exchange, Quality auditing, Training, Data storage protection
ICS: 03.100.70, 35.030
Title in French: Technologies de l'information. Techniques de sécurité. Lignes directrices pour l'audit des systèmes de management de la sécurité de l'information
Committee: IST/33/1
ISBN: 978 0 580 58474 9
Publisher: BSI
Format: A4
Delivery: Yes
Pages: 38
File Size: 524 KB
Price: £122.00

