ISO/IEC JTC 1/SC 27 N6222 ISO/IEC JTC 1/SC 27/WG 1 N16222 REPLACES: N5963 ISO/IEC JTC 1/SC 27 Information technology - Security techniques Secretariat: DIN, Germany DOC TYPE: text for Working Draft TITLE: Text for ISO/IEC 1st WD 27007 -- Information technology -- Security techniques -- Guidelines for information security management systems auditing SOURCE: Project Editor (A. Plate) DATE : 2007-11-02 PROJECT: 27007 STATUS: In accordance with resolution 6 (see SC27 N6306) of the 35th SC 27/WG 1 Plenary meeting held in Lucerne (Switzerland), 1st - 5th October 2007, this document is being circulated for STUDY AND COMMENT. National Bodies and liaison organizations of SC 27 are requested to send their comments / contributions on the above-mentioned Working Draft by 2008-03-14. PLEASE NOTE: For comments please use THE SC 27 TEMPLATE separately attached to this document. ACTION: COM DUE DATE: 2008-03-14 DISTRIBUTION: P-, O- and L-Members W. Fumy, SC 27 Chairman M. De Soete, SC 27 Vice Chair T. Humphreys, K. Naemura, M. Ohlin, M.-C. Kang, K. Rannenberg, WG-Conveners MEDIUM: Livelink-server NO. OF PAGES: 1 + 18 Secretariat ISO/IEC JTC 1/SC 27 DIN Deutsches Institut für Normung e. V., Burggrafenstr. 6, 10772 Berlin, Germany Telephone: + 49 30 2601-2652; Facsimile:+ 49 30 2601-1723; E-Mail: krystyna.passia@din.de; HTTP://www.jtc1sc27.din.de/en © ISO/IEC 2007 – All rights reserved ISO/IEC JTC 1/SC 27 N6223 Date: 2007-11-2 ISO/IEC WD 27007 ISO/IEC JTC 1/SC 27/WG 1 Secretariat: DIN Information technology — Security techniques — Guidelines for information security management systems auditing Technologies de l'information — Techniques de sécurité Warning This document is not an ISO International Standard. It is distributed for review and comment. It is subject to change without notice and may not be referred to as an International Standard. Recipients of this draft are invited to submit, with their comments, notification of any relevant patent rights of which they are aware and to provide supporting documentation. Document type: International Standard Document subtype: Document stage: (20) Preparatory Document language: E D:\Eigene Dateien\Project_admin\27007_ISMS_Auditor_Guidelines_27007_May2007\02_01_1stWD_27007_Nov2007\S C27N6222_1stWD_27007_Nov2007\SC27N6222_1stWD_27007_Nov2007.doc STD Version 2.2 ISO/IEC WD 27007 Copyright notice This ISO document is a working draft or committee draft and is copyright-protected by ISO. While the reproduction of working drafts or committee drafts in any form for use by participants in the ISO standards development process is permitted without prior permission from ISO, neither this document nor any extract from it may be reproduced, stored or transmitted in any form for any other purpose without prior written permission from ISO. Requests for permission to reproduce this document for the purpose of selling it should be addressed as shown below or to ISO's member body in the country of the requester: Secretariat ISO/IEC JTC 1/SC 27 DIN German Institute for Standardization DE-10772 Berlin Tel. + 49 30 2601 2652 Fax + 49 30 2601 1723 E-mail krystyna.passia@din.de Web http://www.jtc1sc27.din.de/en (public web site) http://isotc.iso.org/isotcportal/index.html (SC 27 documents) Reproduction for sales purposes may be subject to royalty payments or a licensing agreement. Violators may be prosecuted. © ISO/IEC 2007 – All rights reserved iii ISO/IEC WD 27007 Contents Page Foreword..............................................................................................................................................................v Introduction this Standard ...............................................................................................................................vi 1 Scope ......................................................................................................................................................1 2 Normative References...........................................................................................................................1 3 Terms and Definitions ...........................................................................................................................1 4 4.1 Principles of auditing ............................................................................................................................2 IS Principles of auditing............................................