What is BS EN ISO 27001:2016 ?

What is BS EN ISO 27001:2016 and EN ISO 27007:2017?

BS EN ISO 27001:2016 is an international standard that outlines the requirements for an information security management system (ISMS) based on the ISO/IEC 27001 standard. It is designed to ensure the confidentiality, integrity, and availability of information and the protection of information assets.

EN ISO 27007:2017 is an international standard that provides guidelines and recommendations for information security management systems auditing based on the audit process for ISO/IEC 27001. It focuses specifically on the requirements for auditing ISMS and offers guidance to internal and external auditors.

Key Elements of EN ISO 27007:2017

EN ISO 27007:2017 is a technical standard that provides guidelines and recommendations for information security management systems auditing. It is based on the international standard ISO 19011 and is specifically focused on the audit process for ISO/IEC 27001, which is the international standard for information security management systems.

The main purpose of EN ISO 27007:2017 is to provide organizations with a systematic approach to managing and conducting audits of their information security management system (ISMS). It aims to ensure that audits are carried out effectively and efficiently, and that they provide valuable insights for improving the overall security posture of an organization.

Key Components of EN ISO 27007:2017

EN ISO 27007:2017 provides guidance on the following key components:

1. The audit process for ISO/IEC 27001:2013 and ISO/IEC 27007:2013, which includes the planning, conducting, and reporting of audits.

2. The auditing criteria and the basis for the audit results.

3. The roles and responsibilities of the audit team, including the independence and objectivity of the auditors.

4. The audit methodology and the audit approach.

5. The audit results and the reporting of the audit findings.

6. The ongoing monitoring and improvement of the audit process.

In conclusion, EN ISO 27007:2017 is an important standard for organizations to ensure the effectiveness and efficiency of their information security management systems. It provides a systematic approach to auditing and helps organizations improve their overall security posture.