Scope of areas under ISO 27001
1. Kindly send the scope of areas under ISO 27001.
2. Does it cover all areas under IS Audit?
1. Kindly send the scope of areas under ISO 27001.
I'm assuming you are referring to the areas covered by controls of ISO 27001 Annex A.
Considering that, these are the areas covered by ISO 27001:
- Information security policies
- Organization of information security
- Human resource security
- Asset management
- Access control
- Cryptography
- Physical and environmental security
- Operations security
- Communications security
- System acquisition, development, and maintenance
- Supplier relationships
- Information security incident management
- Information security aspects of business continuity management
- Compliance
For further information, see:
- A quick guide to ISO 27001 controls from Annex A https://advisera.com/27001academy/iso-27001-controls/
2. Does it cover all areas under IS Audit?
I'm assuming that by IS Audit you mean Information System Audit.
Considering that, ISO 27001 Annex A controls cover most of what would be expected in an Information System Audit.
For further information, see:
- How to make an Internal Audit checklist for ISO 27001 / ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/
- ISO 27001:2013 Internal Auditor Course https://advisera.com/training/iso-27001-internal-auditor-course/
Oct 22, 2020