Audit Process Clusis 2 [Read-Only]
18 Pages
English

Description

ISO 27001:2005 Audit Process. The SGS Group is the global leader and innovator in inspection, verification, testing & certification services: established in 1878, head office in Geneva, Switzerland; 42'000 employees, 1000 offices and 385 laboratories in more than 140 countries; SGS is recognized as the global benchmark in quality and integrity; global accreditation for numerous management systems standards; UKAS Accredited ISO 27001 Certification Body (no. 005). Information Security Concepts. What is information? “Information can exist in many forms. It can be printed or written on paper, stored electronically, transmitted by post or using electronic means, shown on films, or spoken in conversation.” Confidentiality: ensuring that information is accessible only to those authorized to have access. Integrity: safeguarding the accuracy and completeness of information and processing methods. Availability: ensuring that authorized users have access to information and associated assets when required. Is Information Security Important? Information is the key to success and growth for an organisation. You do not want this happening to you… 15.000 hospital records found in a waste bin; 30.000 passwords to Internet accounts published on the Internet; 25 people from the development department moved to a ...


Extract

ISO 27001:2005 Audit Process
THE SGS GROUP IS THE GLOBAL LEADER AND INNOVATOR IN INSPECTION, VERIFICATION, TESTING & CERTIFICATION SERVICES
- Established in 1878 - Head Office in Geneva, Switzerland
- 42'000 employees - 1000 Offices and 385 Laboratories in more than 140 Countries
- SGS is recognized as the global benchmark in quality and integrity
- Global accreditation for numerous management systems standards
- UKAS Accredited ISO 27001 Certification Body (no. 005)
2
October 3, 2006
Information Security Concepts
What is information? “Information can exist in many forms. It can be printed or written on paper, stored electronically, transmitted by post or using electronic means, shown on films, or spoken in conversation”
Confidentiality: Ensuring that information is accessible only to those authorized to have access.
Integrity: Safeguarding the accuracy and completeness of information and processing methods.
Availability: Ensuring that authorized users have access to information and associated assets when required.
3
Is Information Security Important?
Information is the key to success and growth for an organisation.
You do not want this happening to you…
- 15.000 hospital records found in a waste bin
- 30.000 passwords to Internet accounts published on the Internet
- 25 people from the development department moved to a competitor
- Banks pay millions to blackmailing crackers
- 300.000 account numbers stolen - some published on the WEB
4
Structure of ISO 27001
ISO 27001:2005 proposes measures for an efficient information security management framework. ISO 27001 helps an organization establish an information security management system (ISMS) and thus prepare for the audit.
ISO 27001 contains 39 control objectives and 133 controls that are essential as the basis for an ISMS.
5
ISO 27001 General Clauses
4 Information security management system
4.1 General requirements
4.2 Establishing and managing the ISMS
4.2.1 Establish the ISMS
4.2.2 Implement and operate the ISMS
4.2.3 Monitor and review the ISMS
4.2.4 Maintain and improve the ISMS
4.3 Documentation requirements
4.3.1 General
4.3.2 Control of documents
4.3.3 Control of records
5 Management responsibility
5.1 Management commitment
5.2 Resource management
5.2.1 Provision of resources
5.2.2 Training, awareness and competence
6 Internal ISMS audits
7 Management review of the ISMS
7.1 General
7.2 Review input
7.3 Review output
8 ISMS improvement
8.1 Continual improvement
8.2 Corrective action
8.3 Preventive action
6
Annex A Structure
Implement: 39 Control Objectives & 133 Controls
1. Information Security Policy
2. Organisational Security
3. Asset Management
4. Human Resources Security
5. Physical & Environmental Security
6. Communications & Operations Mgmt.
7. Access Controls
8. Systems Acquisition, Development & Maintenance
9. Security Incident Mgmt.
10. Bus. Continuity Planning
11. Compliance
7
Annex A objectives & controls
Total: 39 control objectives, 133 controls
8
How we start?
Flow between Client and SGS:
1. Enquire Certification Service
2. SGS ISMS Questionnaire
3. SGS Questionnaire + SOA
4. Site Visit / Audit Scope
5. Proposal / Contract
6. Proposal & Contract Signed
7. Certification Arrangement
8. Confirmed Audit Arrangements
9
Audit Process Flow
Informal / Option:
- Pre-Assessment
Formal Requirement:
- Stage 1 Documentation Review
- Stage 2 Onsite Audit (Major N/C: Close Out)
- Recommend Award
- Surveillance (V2), Surveillance (V3), Surveillance (V4), Surveillance (V5)
- Combine or Joint Audit
- Renewal
10
Audit Process Flow
Gap Analysis
- Status of implementation
- Option, not mandatory
- Processes not fully covered
- Duration by request
Pre-Assessment
- Stage 1 Documentation Review
- Stage 2 Onsite Audit (Major N/C: Close Out)
- Recommend Award
- Surveillance (V2), Surveillance (V3), Surveillance (V4), Surveillance (V5)
- Combine or Joint Audit
11