18 pages

English

Audit Process Clusis 2 [Read-Only]

Jedul

Le téléchargement nécessite un accès à la bibliothèque YouScribe
Tout savoir sur nos offres

18 pages

English

Le téléchargement nécessite un accès à la bibliothèque YouScribe
Tout savoir sur nos offres

A propos
Informations
Extrait

Description

ISO 27001:2005 O00Audit ProcessusTHE SSGS GROUUP IS THEE GLOBAALL LEADERR AND INNOVATOR IN INSPECTION, VERIFICATION, INTOSNIC, TESTING & CERTIFICATION SERVICESTIERTIV„ Established in 1878 - Head Office in Geneva, Switzerland„ 42’000 employees -1000 Offices and 385 Laboratories in more than 140 Countries „ SGS is recognized as the global benchmark in quality and integrity„ Global accreditation for numerous management systems standards„ UKAS Accredited ISO 27001 Certification Body (no. 005)2October 3, 2006I nformation Security ConceptsotSriopWhat is information?Ensuring that information “Information can exist in many forms. is accessible only to It can be printed or written on paper, those authorized to have stored electronically, transmitted by Confidentialityaccess.post or using electronic means, shown on films, or spoken in conversation”AvailabilityEnsuring that authorized users have access to Informationatinformation and associated assets when Safeguarding the accuracy required. and completeness of information and processing IntegrityMethods.3October 3, 2006Is Information Security Important?Information is the key to success and growth for an organisation.You do not want this happening to you…ƒ 15.000 hospital records found in a waste binƒ 30.000 passwords to Internet accounts published on the Internetƒ 25 people from the development department moved to a ...

Informations

Publié par	Jedul
Nombre de lectures	50
Langue	English

Extrait

I S O 27001:20 0 5 A udit Process

Ofd cefi8 87ea-H deh1 niatsEsilb42000 ezerlandav ,wStii neGenLa85 3nd aesicffO 0001- seeyolpm re nomsei otirobarres iGSedizgnco eht sa b labolg han toCnu41 0 sSrteiGlyalobcc adireitatf non roremuenchmark in qualti yna dnietrgti detiderccASAKUifrtCe1 0027O IStns egemamanuo sardstandms systeoByd( oncitaoi n

October 3, 2006

T HE SGS GROUP IS THE GLOBAL LEA DE R AND INNOVATOR IN INSPECTION, V ERIFICATION, T ES T I NG & CERTIFICATION SERVICE S

. 005)

    

I nfor m a t i o n Sec u ri t y C o n ce pt s

What is information? “Information can exist in many forms. It can be printed or written on paper, stored electronically, transmitted by post or using electronic means, shown on films, or spoken in conversation”

October 3, 2006

Ensuring that information is accessible only to Confidentiality tahcocsees sa.uthorized to have

Safeguarding the accuracy eteness of iannfodr cmoamtiopln and processing Integrity Methods.

Availability

Ensuring that authorized users have access to information and associated assets when required.

Is Information Security Important?

Information is the key to success and growth for an organisation.

You do not want this happening to you …  15.000 hospital records found in a waste bin  30 000 passwords to Internet accounts published on the Internet .  25 people from the development department moved to a competitor  Banks pay millions to blackmailing crackers  300.000 account numbers stolen - some published on the WEB

October 3, 2006

October 3, 2006

St ru ct ure of I S O 2 7 0 0 1

 ISO 2700:2005 proposes measures for an efficient information security management framework. ISO 27001 helps an organization establish an information security management system (ISMS) and thus prepare for the audit.

ISO 27001 contains 39 control objectives and 133 controls essential as basis for an ISMS.

ISO 2 7 0 0 1 General C la u ses

4 Information security management system

4.1 General requirements

4.2 Establishing and managing the ISMS

4.2.1 Establish the ISMS

4.2.2 Implement and operate the ISMS

4.2.3 Monitor and review the ISMS

4.2.4 Maintain and improve the ISMS

4.3 Documentation requirements

4.3.1 General

4.3.2 Control of documents

4.3.3 Control of records

October 3, 2006

5 Management responsibility

5.1 Management commitment

5.2 Resource management

5.2.1 Provision of resources

5.2.2 Training, awareness and competence

6 Internal ISMS audits

7 Management review of the ISMS

7.1 General

7.2 Review input

7.3 Review output

8 ISMS improvement

8.1 Continual improvement

8.2 Corrective action

8.3 Preventive action

A nne x A St ruct ure

1. Information Security Policy 11. Compliance

10. Bus. Continuity Planning

9. Security Incident Mgmt.

8. Systems Acquisition, Dev t & Maintenance

October 3, 2006

7. Access Controls

Implement

39 Control Objectives & 133 Controls

2. Organisational Security

3. Asset Management

4. Human Resources Security

5. Physical & Enviro Secur 6. Communications ity & Operations Mgmt.

October 3, 2006

Annex A o b j ec t ives & cont rols

Tot al

3 9

1 3 3

onctorontlr oolbsjectives

SGS IS RECOGNIZED AS THE GLOBAL BENCHMARK IN QUALITY AND INTEGRITY

October 3, 2006

Client

How w e s t ar t ?

Enquire Cert ificat ion Service

SGS I SMS Quest ionnaire

SGS Quest ionnaire + SOA

Sit e Visit / Audit Scope

Proposal / Cont ract

Proposal & Cont ract Signed

Cert ificat ion Arrangement

Confirmed Audit Arrangement s

SGS

Audit Pr o cess F l o w

Info rm a l / Option

Form al Re q u i rement

October 3, 2006

Renewal

Pre-Assessment

St age 1 Document at ion Review

St age 2 Onsit e Audit Maj or N/ C Recommend Aw ard Close Out

Surveillance (V2) Surveillance (V4) Surveillance (V3) ombine or Joint Audit

Surveillance (V5)

Surveillance (V4)

Audit Pr o ce ss Flow

Gap Analysis

- Status of implementation - Option, not mandatory - Processes not fully covered - Duration by request

October 3, 2006

Pre-Assessment

Document at ion Review

ge 2 Onsit e Audit Maj or N/ C Recommend Aw ard Close Out

Surveillance (V2) Surveillance (V4) Surveillance (V3) ombine or Joint Audit

Surveillance (V5)

Surveillance (V4)

Univers
Ebooks
Livres audio
Presse
Podcasts
BD
Documents

Livre audio en ligne - Développement personnel Livre en ligne Tout le catalogue Tous les Intérêts

Audit Process Clusis 2 [Read-Only]

YouScribe

Le catalogue

Le service

Les conditions