Iso/iec 27007

ISO/IEC 27007 part of a growing family of ISO/IEC Information Security Management System (ISMS) standards, the 'ISO/IEC 27000 series' is an information security standard being currently developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Its current title is Information technology -- Security techniques -- Guidelines for Information security management systems auditing.

ISO/IEC 27007 will provide guidance for those auditing ISMSs for various purposes other than certified compliance with ISO/IEC 27001 (which is covered by ISO/IEC 27006), purposes such as:

  • Internal auditing, for example for IT auditors to confirm that an organization's information security controls adequately mitigate its information security risks;
  • External auditing, including IT audits conducted as part of financial audits (e.g. confirming that the information security controls relating to the general ledger or procurement systems and processes are adequate for the auditors to place reliance on the associated data/information) and audits of the third party ISMSs (such as those operated by IT service suppliers whether to check their adequacy per se or to confirm that contractual obligations on them in relation to information security are satisfied);
  • Management reviews, including those conducted routinely as part of an operating ISMS to check that everything is in order, and ad hoc audits following information security incidents, as part of the root cause analysis to generate corrective actions.

See also

External links

  • ISO Website
This article was sourced from Creative Commons Attribution-ShareAlike License; additional terms may apply. World Heritage Encyclopedia content is assembled from numerous content providers, Open Access Publishing, and in compliance with The Fair Access to Science and Technology Research Act (FASTR), Wikimedia Foundation, Inc., Public Library of Science, The Encyclopedia of Life, Open Book Publishers (OBP), PubMed, U.S. National Library of Medicine, National Center for Biotechnology Information, U.S. National Library of Medicine, National Institutes of Health (NIH), U.S. Department of Health & Human Services, and, which sources content from all federal, state, local, tribal, and territorial government publication portals (.gov, .mil, .edu). Funding for and content contributors is made possible from the U.S. Congress, E-Government Act of 2002.
Crowd sourced content that is contributed to World Heritage Encyclopedia is peer reviewed and edited by our editorial staff to ensure quality scholarly research articles.
By using this site, you agree to the Terms of Use and Privacy Policy. World Heritage Encyclopedia™ is a registered trademark of the World Public Library Association, a non-profit organization.