I am new to the ISO 27001 space. On my first day with my first client, what discussions do I need to engage in, what do I need to do, what do I need to ask, who do I need to engage, etc., to commence 1) an ISO 27001 audit, 2) an ISO 27001 implementation?
Generally speaking, you need to understand the objectives the client wants to achieve, its line of business, and how the business is organized. Based on this information you can develop additional questions and identify additional persons to talk to.
Please note that there is no set of definitive questions to be asked, only general topics to be covered.
To become an ISO 27001 auditor or ISO 27001 implementer, you should first acquire experience in these fields, and the most common ways are to work inside your current company auditing/implementing information security or to work for an established consultant.
For more information about auditing/implementing ISO 27001 and how to become a consultant, please read: