ISO/IEC INTERNATIONAL STANDARD 27007 Third edition 2020-01 Informationsecurity,cybersecurity and privacy protection Guidelines for information security management systems auditing Securite de I'information,cybersécurite etprotection des donnees priveesLignes directrices pourI'auditdessystemesde managementdelasecuritedeIinformation Referencenumber IEC IS0/IEC27007:2020(E) OSI IS0/IEC2020 IS0/IEC27007:2020(E) COPYRIGHTPROTECTEDDOCUMENT @IS0/IEC2020 All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may on the internet or an intranet, without prior written permission. Permission can be requested from either IsO at the address below or ISo's member body in the country of the requester. ISO copyright office CP 401 · Ch. de Blandonnet 8 CH-1214 Vernier, Geneva Phone: +4122 749 01 11 Fax: +41 22 749 09 47 Email:[email protected] Website: www.iso.org Published in Switzerland i IS0/IEC 2020 - All rights reserved IS0/IEC27007:2020(E) Contents Page Foreword v Introduction. .vi 1 Scope. .1 2 Normativereferences. .1 3 Terms anddefinitions .1 4 Principles of auditing 5 Managinganauditprogramme 1 5.1 General 1 5.2 Establishingauditprogrammeobjectives. 1 5.3 Determiningand evaluatingauditprogrammerisksand opportunities 2 5.4 Establishingauditprogramme 2 5.4.1 Roles and responsibilities ofthe individual(s) managing audit programme 2 5.4.2 Competenceofindividual(s)managingauditprogramme .2 5.4.3 Establishingextentoftheauditprogramme 2 5.4.4 Determiningauditprogrammeresources. 3 5.5 Implementingauditprogramme. .3 5.5.1 General. .3 5.5.2 Defining the objectives, scope and criteriafor an individual audit 3 5.5.3 Selecting and determining audit methods. 4 5.5.4 Selectingauditteammembers.. 4 5.5.5 Assigning responsibilityforan individual audit to theaudit teamleader 4 5.5.6 Managing auditprogrammeresults. 4 5.5.7 Managingandmaintainingauditprogrammerecords 4 5.6 Monitoringauditprogramme. .5 5.7 Reviewingand improvingauditprogramme .5 6 Conducting an audit .5 6.1 General. 5 6.2 Initiating audit. .5 6.2.1 General. .5 6.2.2 Establishingcontactwithauditee 5 6.2.3 Determiningfeasibilityofaudit .5 6.3 Preparing audit activities 5 6.3.1 Performingreviewofdocumentedinformation 5 6.3.2 Auditplanning 5 6.3.3 Assigningwork toauditteam 6.3.4 Preparing documented informationforaudit 6 6.4 Conducting auditactivities. 6 6.4.1 General. .6 6.4.2 Assigningrolesand responsibilities ofguides and observers 6 6.4.3 Conducting opening meeting .6 6.4.4 Communicating duringaudit 6 6.4.5 Audit informationavailabilityand access 6 6.4.6 Reviewingdocument informationwhileconductingaudit 6 6.4.7 Collectingandverifyinginformation .7 6.4.8 Generating audit findings... .7 6.4.9 Determiningaudit conclusions .7 6.4.10 Conducting closingmeeting. .1 6.5 Preparing and distributing audit report .7 6.5.1 Preparing audit report. .7 6.5.2 Distributing audit report .7 6.6 Completingaudit. .7 6.7 Conducting audit follow-up. .7 IS0/IEC 2020 All rights reserved ili IS0/IEC27007:2020(E) 7 Competenceandevaluationofauditors 8 7.1 General 8 7.2 Determiningauditor competence 8 7.2.1 General. 8 7.2.2 Personalbehaviour. 8 7.2.3 Knowledge and skills .8 7.2.4 Achievingauditorcompetence 9 7.2.5 Achievingauditteamleadercompetence 9 7.3 Establishing auditor evaluation criteria. 9 7.4 Selectingappropriateauditor evaluation method 9 7.5 Conducting auditorevaluation. 9 7.6 Maintainingand improvingauditor competence 9 AnnexA(informative)GuidanceforISMSauditingpractice .10 Bibliography .39 iv IS0/IEC2020-Allrightsreserved IS0/IEC27007:2020(E) Foreword ISo(the International OrganizationforStandardization)andIEC (theInternationalElectrotechnical Commission)form thespecialized systemfor worldwide standardization.National bodiesthat are members of IsO or IEC participate in the development of International Standardsthrough technical committees established bythe respective organizationto deal withparticularfields of technical activity.

pdf文档 ISO-IEC 27007 英文版 2022

文档预览
中文文档 26 页 50 下载 1000 浏览 0 评论 0 收藏 3.0分
温馨提示:本文档共26页,可预览 3 页,如浏览全部内容或当前文档出现乱码,可开通会员下载原始文档
ISO-IEC 27007 英文版 2022 第 1 页 ISO-IEC 27007 英文版 2022 第 2 页 ISO-IEC 27007 英文版 2022 第 3 页
下载文档到电脑,方便使用
本文档由 思安 于 2022-11-26 11:37:31上传分享
站内资源均来自网友分享或网络收集整理,若无意中侵犯到您的权利,敬请联系我们微信(点击查看客服),我们将及时删除相关资源。