

ISO 27001 Assessments Without Tears: A Pocket Guide (Soft Cover)

List Price:
£5.95 GBP
Our Price:
£4.95 GBP
($8.18 USD)
(€5.69 EUR)
You Save:
£1.00 GBP

Prepare your people for an information security assessment now!

An information security assessment looks at whether your information security management system measures up to the requirements of ISO27001. In the course of an assessment to ISO27001, the auditor may ask questions of anyone within your organisation, so it makes sense to ensure that your staff know what sort of thing to expect and understand the proper way to handle the assessment.

 

 

The perfect tool to train everybody to play their part in your ISO27001 assessment

 

 

Written in a clear, plain style, this pocket guide offers helpful advice and reassurance to employees about what an assessment involves. This handy pocket guide covers:

  • What an assessment is
  • Why information security is important
  • What happens during an assessment
  • What to consider when answering an auditor’s questions
  • What happens when an auditor finds something wrong
  • Your policies and how to prepare
  • Further information: who to ask.

Questions and answers

An information security assessment should be seen as an opportunity. By obtaining ISO27001 certification, your company will be able to demonstrate to your customers and to the public that you are operating good practice. This is why an organisation will invite an auditor from an approved “third party accredited certification body” to come in and assess the effectiveness of its information security management system (ISMS).

 

In the case of an internal or external audit, it is especially likely that the auditor will question a broad cross-section of the people inside your organisation. One of the most valuable sections of this guide offers advice to employees on what to do, and what not to do, when responding to questions from the auditor. Arguing with the auditor, or trying to pull the wool over their eyes, is a bad idea, and certainly not in the company’s best interests. The right way for your staff to deal with the auditor is to answer their questions briefly, factually and accurately.



Provide your staff with this pocket guide and achieve the following benefits:

  • Raise awareness
    Under ISO27001 your organisation has to have an information security policy. But are your people familiar with the policy? And do they know the procedure for reporting an information security incident? By helping your staff to prepare for an assessment, this book will also raise their overall awareness of the information security issue and give them a greater sense of their information security responsibilities.
  • Safeguard your business information
    A data breach can be highly damaging to your company’s reputation. So you need to protect yourself from fraud and take proper care of your customer data. The audit offers you an opportunity to find out where there is room for improvement in your information security policy. If there is, then you need to know about it.
  • Ease the path to compliance
    For many companies and public sector organisations, certification to ISO27001 is now a matter of necessity rather than choice. Use this concise, authoritative guide to bring your team on board and make the process as painless as possible.
  • Win new business
    Increasingly, corporate clients demand that their suppliers and partners obtain certification to ISO27001. Preparing staff for the audit, and smoothing the path to ISO27001 certification, can help your company to win important contracts and increase sales.

 

Alan Calder, chief executive of IT Governance, commented, “As infosecurity and governance become increasingly mainstream topics, so a wider range of professionals are being drawn into their ambit. These pocket books are ideal for people who need a quick overview of the main issues, either to work effectively with colleagues or to identify any areas for more detailed reading.”

 


Provide your staff with clear, easy to follow guidance and get your ISO27001 assessment right!



About the author:

Steve G. Watkins leads the consultancy and training services of IT Governance Ltd. In his various roles in both the public and private sectors, he has been responsible for most support disciplines. He has over 20 years' experience of managing integrated management systems, including maintenance of Information Security, Quality, Environmental and Investor in People certifications. As well as being an ISO27001 and ISO9000 lead auditor, Steve is a trained EFQM Assessor and holds diplomas in safety and financial management. He is Chair of the ISO/IEC27001 User Group, the UK Chapter of the ISMS International User Group and was recently invited to become, and is now, an ISMS Technical Expert for UKAS, advising on their assessments of Certification Bodies offering ISO27001 accredited certification. Steve sits on the Management Committee of the British Standards Society, where he chairs the Corporate Governance Group and is an active member of the committee responsible for writing BS31100, the British Standard for Risk Management (Code of Practice).

 

We also offer this pocket guide in pack sizes of 10, 20 and 50 copies - make sure you have enough for everyone to have their own copy.



Author: Steve G. Watkins
Publisher: IT Governance Publishing
Format: Soft Cover
ISBN: 9781905356188
Pages: 28
Published: 7 March 2007
Availability: In Stock




