ISO/IEC INTERNATIONAL STANDARD 27007
Third edition 2020-01-21

Information security, cybersecurity and privacy protection - Guidelines for information security management systems auditing

Sécurité de l'information, cybersécurité et protection des données privées - Lignes directrices pour l'audit des systèmes de management de la sécurité de l'information

Reference number ISO/IEC 27007:2020(E)
© ISO/IEC 2020

COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2020, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO's member body in the country of the requester.
ISO copyright office
Ch. de Blandonnet 8 - CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org

Contents

Foreword
Introduction vi
1 Scope 1
2 Normative references 1
3 Terms and definitions 1
4 Principles of auditing 1
5 Managing an audit programme 1
5.1 General 1
5.2 Establishing audit programme objectives
5.3 Determining and evaluating audit programme risks and opportunities 2
5.4 Establishing audit programme 2
5.4.1 Roles and responsibilities of the individual(s) managing audit programme 2
5.4.2 Competence of individual(s) managing audit programme 2
5.4.3 Establishing extent of the audit programme 2
5.4.4 Determining audit programme resources
5.5 Implementing audit programme 3
5.5.1 General 3
5.5.2 Defining the objectives, scope and criteria for an individual audit 3
5.5.3 Selecting and determining audit methods 4
5.5.4 Selecting audit team members 4
5.5.5 Assigning responsibility for an individual audit to the audit team leader 4
5.5.6 Managing audit programme results 4
5.5.7 Managing and maintaining audit programme records 4
5.6 Monitoring audit programme 4
5.7 Reviewing and improving audit programme 4
6 Conducting an audit 5
6.1 General 5
6.2 Initiating audit 5
6.2.1 General 5
6.2.2 Establishing contact with auditee
6.2.3 Determining feasibility of audit 5
6.3 Preparing audit activities
6.3.1 Performing review of documented information 5
6.3.2 Audit planning 5
6.3.3 Assigning work to audit team 5
6.3.4 Preparing documented information for audit 6
6.4 Conducting audit activities 6
6.4.1 General 6
6.4.2 Assigning roles and responsibilities of guides and observers 6
6.4.3 Conducting opening meeting 6
6.4.4 Communicating during audit 6
6.4.5 Audit information availability and access 6
6.4.6 Reviewing documented information while conducting audit 6
6.4.7 Collecting and verifying information 6
6.4.8 Generating audit findings
6.4.9 Determining audit conclusions 7
6.4.10 Conducting closing meeting
6.5 Preparing and distributing audit report 7
6.5.1 Preparing audit report 7
6.5.2 Distributing audit report
6.6 Completing audit 7
6.7 Conducting audit follow-up
7 Competence and evaluation of auditors
7.1 General
7.2 Determining auditor competence 8
7.2.1 General 8
7.2.2 Personal behaviour 8
7.2.3 Knowledge and skills 8
7.2.4 Achieving auditor competence 8
7.2.5 Achieving audit team leader competence 9
7.3 Establishing auditor evaluation criteria 9
7.4 Selecting appropriate auditor evaluation method
7.5 Conducting auditor evaluation 9
7.6 Maintaining and improving auditor competence
Annex A (informative) Guidance for ISMS auditing practice 10
Bibliography 51

Foreword

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of tec

PDF document: ISO IEC 27007-2020 (57 pages; only the first 3 pages are previewed above)

Uploaded and shared by 思安 on 2022-11-26 11:34:40