BIP 0073:2013 Guide to the Implementation and Auditing of ISMS Controls based on ISO/IEC 27001

Status: Current   Published: November 2013



This book provides guidance on implementing ISMS (information security management system) control requirements and on auditing existing control implementations, to help organizations prepare for certification against the requirements specified in the new ISO/IEC 27001:2013, Information security management systems - Requirements.

It includes the definitive requirements that auditors must address when certifying organizations to the second edition of the standard, ISO/IEC 27001:2013, and provides guidance on the implementation, checking and auditing of the controls.

The guide discusses each of the controls of the standard from two different viewpoints:

Implementation – This describes what to consider in order to fulfil the control requirements when implementing the controls from the standard. The guidance is aligned with the standard's own advice on implementing the controls.

Auditing – This focuses on what to check when examining the implementation of the standard controls to ensure that the implementation covers the essential ISMS control requirements.

Get the information you need to be fully up to date with the revised standard; the guide also includes new references and definitions.

It is applicable to organizations of any size, government departments and agencies, certification and accreditation bodies, training organizations, academic institutions, implementers, auditors, consultants, trainers and lecturers.

Edward Humphreys (Chartered Fellow of the BCS - FBCS CITP, CISM) has been an expert in the field of information security and risk management for more than 35 years. During this time, he has provided consultancy to major international companies (Europe, North/South America and Asia) and has worked for many years as senior advisor to the European Commission. He is convenor of the ISO/IEC working group that is responsible for the development and maintenance of the family of ISO/IEC 27001 ISMS standards.

Bridget Kenyon (CISSP) is Head of Information Security for University College London. Her experience in information security started in 2000 with a role in network vulnerabilities at DERA, following which she has been a Qualified Security Assessor against PCI DSS, the Information Security Officer for Warwick University and has held a variety of roles in consultancy and academia. She is editor for ISO/IEC 27013, and now chairs BSI Panel 1. She also chairs the Janet IG Working Group, which aims to provide HE input into the NHS’s Information Governance Toolkit.


Contents

  • General: Scope of this guide; Field of application; Usage; Compliance
  • Meeting the ISO/IEC 27001:2013 requirements: General
  • Implementing and auditing ISMS control objectives and controls: Information security policies; Management direction for information security; Organisation of information security; Internal organization; Mobile devices and teleworking; Human resource security; Asset management; Access control; Cryptography; Physical and environmental security; Operations security; Communications security; System acquisition, development and maintenance; Supplier relationships; Information security aspects of business continuity; Compliance


Standard Number: BIP 0073:2013
Title: Guide to the Implementation and Auditing of ISMS Controls based on ISO/IEC 27001
Publication Date: 01 November 2013
Replaces: BIP 0073:2005
Descriptors: Data security, Quality auditing, Data processing, Computers, Management, Data storage protection, Certification (approval); IT and Information Management: Information Security
ISBN: 978 0 580 82910 9
File Size: 7.537 MB

