ISO 27007 标准

ISO 27007 标准Information technology — Security techniques — Guidelines for information security management systems auditing Introduction this Standard ISO 19011 Guidelines for quality and/or environmental management systems auditing is an International Standard which provides guidance on the principles of auditing, managing audit programmes, conducting quality management system audits and environmental management system audits, as well as guidance on the competence of quality and environmental management system auditors. If organizations want to conduct internal or external audits of Information Security Management Systems (ISMS) in accordance with ISO/IEC 27001:2005, some additional guidance to the standard ISO 19011 are necessary and are provided by this International Standard. The text in this International Standard follows the structure of ISO 19011, and the additional ISMS-specific guidance on the application of ISO 19011 for ISMS audits are identified by the letters “IS”. This International Standard provides guidance on the management of audit programmes, the conduct of internal or external audits of ISMSs, as well as on the competence and evaluation of auditors. It is intended to apply to a broad range of potential users, including auditors, organizations implementing ISMSs, organizations needing to conduct audits of ISMSs, and organizations involved in auditor certification or training, in certification/registration of management systems, in accreditation or in standardization in the area of conformity assessment.