ISO27001 Audit Services


ISO 27001 Audit Services: Effortless Assurance

October 2010

The ISMS internal audit

ISO 27001 Clause 6 sets out the requirement for ISMS internal audits at planned intervals to:

- Identify and address non-conformances in the design of the ISMS against ISO 27001 (e.g. as a result of People/Process/Technology/Regulatory change since certification or the last audit)
- Identify and address non-conformances in the operation of the ISMS against the documented policies, processes, procedures and controls
- Identify opportunities for improvement in the efficiency and effectiveness of ISMS operation
- Form an integral part of the "Plan-Do-Check-Act" continuous improvement cycle required by ISO 27001
- Feed into the Management Review process (ISO 27001 Clause 7)

In-house audit challenges

- Unnecessary and unsustainable management overhead, hassle and worry
- Objectivity of internal staff may be questionable, especially if the security department audits itself (despite a 'Chinese walls' approach)
- Impacts on the overall effectiveness of the assurance function, as focus is shifted away from high-risk audit areas
- Results in the ISMS being a burden rather than a business enabler and risk management instrument
- Scheduling and resourcing nightmare: both the business assurance plan and the ISMS audit requirement must be met, often with the same resources
- Internal ISMS audit skills shortage and dependency on key individuals
- Valuable audit resources tied up in planning, performing and managing 'routine' ISMS audits

Our approach

Our engagement model is flexible to suit your specific ISMS assurance requirements. You can engage us on an audit-by-audit basis (co-sourcing), or to manage and resource the end-to-end ISMS assurance programme (managed assurance service).

Co-sourcing example:

- You decide whether to use internal, CS Risk or mixed resources for your audits.
- We operate under your direction in terms of scope and audit process.
- Charged on an agreed day-rate for the number of CS Risk resources used.

Managed Assurance Service example:

- You set the objectives of the assurance programme.
- We develop and run your ISMS audit programme on your behalf, tailored to your ISMS, aligned with your security objectives and ISMS scope.
- Fixed fee for the agreed audit plan plus time and materials for ad-hoc audit work.

The audit approach

Annual ISMS Audit Plan:

- Contains all scheduled and potential audits for the whole calendar year
- Includes internal audits, audits done on suppliers, audits to be performed by clients and 3rd-party audits

Each audit is planned to define:

- Audit objective and scope
- Department/Section and responsible individuals in charge
- Audit team members; the number of auditors depends on the size of the audit area
- Type of management system to be audited
- Date, place and time of the audit, and distribution date of the audit report
- Availability of all the resources needed and other logistics that may be required by the auditor
- Verification of the scope of the audit

Audit fieldwork:

- Audit findings collected through interviews, examination of documents and observation of activities and conditions
- Non-conformance evidence noted along with other objective evidence and observations reflecting the effectiveness of the information security management system

Review and analysis of findings:

- Consolidation of findings, including grouping and initial classification
- Interim agreement and clarification of findings with key stakeholders
- Final classification of findings
- Preparation of recommendations and audit report

Reporting and closing meeting:

- Formal report issued to the audit sponsor
- Closing meeting attended by the audit team and the auditees
- Auditors report their findings, observations and recommendations
- Resolution of outstanding queries and clarifications

Improvement Plan & Management Review

Why us

- We have the credentials: CISSP, CISM, CISA, ISO27001 Lead Implementer, ISO27001 Lead Auditor
- We have a broad background in security, IT, business, audit, compliance and risk management
- We have a broad industry background
- We are looking to establish our consultancy as a market leader in Information Security compliance, so we will pull out all the stops to deliver compliance
- We are committed to high-quality delivery and to providing you with value-for-money services
- As a smaller-sized consultancy, we are able to provide very competitive rates and give your business the focus it demands

Our services

Information security management:

- Security health checks and risk assessments
- ISO27001/ISO27002 compliance
- Virtual Information Security Officer (VISO)
- Technical security reviews
- Penetration testing and vulnerability scanning
- Vulnerability management
- Employee security awareness training programmes

Data protection:

- Health checks and risk assessments
- Data protection solutions
- Employee awareness training programmes

PCI payment card industry compliance:

- PCI:DSS compliance gap analyses
- Compliance solutions
- Vulnerability scanning (PCI ASV)

Sarbanes-Oxley IT compliance:

- IT control assessment and design
- IT control testing
- Compliance programme management

Business continuity management:

- BCP effectiveness reviews
- Business impact assessments
- BC strategy and planning support
- BS25999 compliance
- Outsourced business continuity management (BCM-in-a-box)

IT Audit:

- Co-sourced IT auditors
- Managed IT audit services
