Recently published, ISO/IEC 27007:2011 and ISO/IEC 27008:2011 are the two essential standards for ISMS internal and external auditors. If you are undertaking an audit and want best practice guidance, this is the duo of standards you need.
- ISO/IEC 27007:2011 – provides guidance on conducting information security management system (ISMS) audits and managing ISMS audit programmes.
- ISO/IEC 27008:2011 – provides guidance on reviewing the implementation and operation of information security controls within an organisation.
Organisations interested in using or applying these standards should acquire copies, which are available through our site in both hard copy and downloadable formats.