Introduction To ISO 27007 (ISO27007)
ISO 27007 will offer guidance for auditing an Information Security Management System (ISMS) against ISO 27001. Its envisaged useis primarily by accredited certification bodies and similar. Its approach is likely to be aligned to that adopted by the EMS standard, ISO 19011.
It is currently at the Working Draft development stage, with projected publication late in 2009.
THE CONTENTS OF ISO 27007
The preliminary draft suggests the following:
- Introduction to this Standard
- Normative References
- Terms and Definitions
- Principles of Auditing
- Audit Activities
- Competence and Evaluation of Auditors