
Information security risk management and internal audit

Guest user Created:   Oct 08, 2019 Last commented:   Oct 08, 2019


1. I purchased your Risk Assessment Table and Risk Treatment Table. I have completed this phase of the planning for our ISO Certification. Now, once I have filled out the Excel spreadsheets, does that count as my "Risk Report" for purposes of satisfying the mandatory document for Certification audit?
My next step is the SOA, correct?

2. What course do you recommend so I can be prepared to do an internal audit and improvement for the ISMS for my company?

Expert
Rhand Leal Oct 08, 2019

1. I purchased your Risk Assessment Table and Risk Treatment Table. I have completed this phase of the planning for our ISO Certification. Now, once I have filled out the Excel spreadsheets, does that count as my "Risk Report" for purposes of satisfying the mandatory document for Certification audit?
My next step is the SOA, correct?

First, it is important to note that a "Risk Report" is not a mandatory document for ISO 27001. The standard requires retention of some documents as evidence that risk assessment and treatment were performed, and for that purpose the Risk Assessment Table, the Risk Treatment Table, the Statement of Applicability (yes, this is the next step of the risk assessment and treatment process), and the Risk Treatment Plan are enough.

This article will provide you further explanation about risk assessment and treatment:
- ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/

2. What course do you recommend so I can be prepared to do an internal audit and improvement for the ISMS for my company?

As a course for internal audit, I suggest you take a look at our ISO 27001:2013 Internal Auditor Course at this link: https://training.advisera.com/se/iso-14001-internal-auditor-course/o-27001-internal-auditor-course/

In this online course, you’ll learn all the requirements and best practices of ISO 27001, but also how to perform an internal audit in your company. The course is made for beginners. No prior knowledge in information security and ISO standards is needed.
