ISO Certification Audit Checklist

Learn about the audit checklist, auditing procedures, requirements and purpose of an audit checklist for the effective implementation of an ISO management system.

How to Prepare ISO 27001 Audit Checklists for Effective ISMS Implementation

ISO published a standard for information security management systems (ISMS) known as ISO 27001. The standard helps an organization formulate a well-established policy and mechanism that ensure a sound ISO 27001 information security management system, which should be audited and reviewed at regular intervals. ISO 27001 auditing is carried out by working through ISO 27001 audit checklists that help identify threats and verify that the organization's information security policy is being adequately enforced. When a manager or consultant prepares a checklist for ISO 27001, the questionnaire should include the following basic audit questions, which lead to an effectively implemented information security management system.

Information Security

Is there an information security policy within the organization that management and the relevant employees are clearly aware of? Is this policy reviewed periodically to make sure the existing information security system remains reliable? Another question that should be looked into during ISO 27001 auditing is whether the results of management reviews are taken into account. Does management show active support for information security measures? Is the management authorization process defined and enforced for any new information processing facility within the organization?

Asset Management and Human Resources

Has management identified all assets and inventory? Is there a register maintained with all necessary assets? Another ISO audit checklist question is whether information is classified according to its value, sensitivity and importance. Are there defined procedures for information labeling and handling in accordance with the classification policy adopted by the organization? Are the employees' security roles and responsibilities clearly defined and documented in ISO 27001 documents in line with the organization's information security policy?

Physical Protection

Is the physical infrastructure adequate to protect the information processing facilities? Do entry controls exist to allow only authorized personnel into restricted areas? How adequate is the protection against damage from fire, natural disaster, civil unrest and other man-made disasters, as designed and implemented? Is there a potential threat from neighboring premises?
