INTRODUCTION

This pocket book explains what an assessment is, why organisations bother with them, and what individual staff should do and, perhaps as importantly, not do if an auditor chooses to question them.

The fact that your organisation has made this available to you suggests you are seeking, or have, ISO 27001 certification. It is therefore worth reading through this short introduction to understand:

• What an assessment is

• Why information security is important

• What happens during an assessment

• What to consider when answering an auditor’s questions

• What happens when an auditor finds something wrong

• Your policies and how to prepare

• Further information: who to ask

And finally there is an appendix explaining some of the terms ...
