
www.pecb.com

EXERCISES
Worksheet

CERTIFIED ISO/IEC 27001 LEAD AUDITOR TRAINING COURSE
Certified ISO/IEC 27001 Lead Auditor | PECB Group Inc., ©2024

Exercise 1: Reasons to implement an ISMS based on ISO/IEC 27001


List and explain three significant advantages that organizations would gain by
implementing an information security management system based on ISO/IEC 27001.
In addition, explain how the organizations can measure these advantages by means
of metrics.

.....................................................................................................................................


Exercise 2: Ethics
How should the auditor handle the following situations? Prepare to discuss your
answers in class.

1. The auditee asks the auditor to depersonalize the audit notes so they can use
the notes to create a case study. This case study will be used for internal
purposes only.

.....................................................................................................................................

2. During the audit, an auditor discovers evidence of bribery involving senior
management. The bribery scheme involves payments made to secure favorable
contracts and manipulate business competition.

.....................................................................................................................................

3. A former employee of the auditee contacts the auditor to inform them that the
auditee has several security problems that it is trying to conceal before the audit.
This person proposes to send documented evidence to prove their claims.

.....................................................................................................................................


4. The auditor detected a nonconformity during the audit of a small organization.
The auditor believes that this nonconformity has occurred because the employee
responsible was recently hired and is not experienced enough to carry out the task.
In addition, the auditor suspects that, if the nonconformity is reported, the senior
executive of the organization, a quick-tempered man, will get furious with the
employee and fire them.

.....................................................................................................................................


Exercise 3: Drafting an audit test plan


Prepare an audit test plan by selecting at least three appropriate audit procedures to
validate if an organization adequately protects logs that record activities or faults
(Control Annex A 8.15 of ISO/IEC 27001).

Mark “N/A” for the procedures that do not apply.

AUDIT TEST PLAN

Audit criteria: ISO/IEC 27001, Annex A 8.15 Logging
Logs that record activities, exceptions, faults and other relevant events shall be
produced, stored, protected and analyzed.

Audit procedure                | Test to perform (or "N/A")
-------------------------------|---------------------------
Observation                    |
Documented information review  |
Interview                      |
Technical verification         |
Analysis                       |


Exercise 4: Nonconformity reports


Upon reading the case study, XIII Certification audit, complete the nonconformity
reports for the findings observed by the audit team.

In case of nonconformities, the report should include the following:


• The audit criteria
• A description of the nonconformity
• The type of nonconformity (minor or major)

You can use the “comments” section to justify your decision.

Findings:
1. The log-on procedure of the centralized platform provides detailed error
messages, indicating which part of the login data (username or password) is
incorrect, aiding potential unauthorized users in refining their intrusion strategies.
2. The company fails to keep records or monitor who enters and exits secure
areas, making it impossible to track unauthorized access or investigate security
incidents. BankPulse Solutions’ management is aware of the situation, and the
security manager has identified this issue as being a risk to be monitored and
included in the risk analysis report. BankPulse Solutions has no other
documentation of this situation.
3. BankPulse Solutions has two distinct processes for incident management, one
for the head office and one for the back office. In addition, the incident records
are kept in two separate information systems that do not communicate with each
other. In an interview with the person responsible for technical support, it was
stated that, within five years, the company will replace the two systems with an
integrated system for managing information security events.


NONCONFORMITY REPORT #1
Client:
Site:
Process:
Clause/control number:
Audit criteria:
Description of the observed nonconformity:
Auditor:
Acknowledgement by auditee representative:
The type of nonconformity:
Date:
Comments:
.....................................................................................................................................


NONCONFORMITY REPORT #2
Client:
Site:
Process:
Clause/control number:
Audit criteria:
Description of the observed nonconformity:
Auditor:
Acknowledgement by auditee representative:
The type of nonconformity:
Date:
Comments:
.....................................................................................................................................


NONCONFORMITY REPORT #3
Client:
Site:
Process:
Clause/control number:
Audit criteria:
Description of the observed nonconformity:
Auditor:
Acknowledgement by auditee representative:
The type of nonconformity:
Date:
Comments:
.....................................................................................................................................


Homework 1: Identification of threats, vulnerabilities, and impacts


Based on the case study, list the threats and vulnerabilities associated with the
following scenarios and indicate the potential impacts. Then, determine if the impacts
would affect the confidentiality, integrity, or availability of the organization’s data.
1. Ian Kovalev and Katie Harper were hired by BankPulse Solutions’ competitor,
EverNet.
2. The software delivered to BankPulse Solutions’ clients in Brazil had some
serious flaws and made clients vulnerable to external attacks.
3. Julia Robinson, the website designer, was ill for one month.
4. Customer information (names, addresses, and credit card numbers) is kept in a
database that does not have a proper encryption or access control in place.

Complete the matrix below and prepare to discuss your answers.


Scenario | Vulnerabilities | Threats | Potential consequences | C | I | A
---------|-----------------|---------|------------------------|---|---|---
Ian Kovalev and Katie Harper were hired by BankPulse Solutions’ competitor, EverNet. | | | | | |
The software delivered to BankPulse Solutions’ clients in Brazil had some serious flaws and made clients vulnerable to external attacks. | | | | | |
Julia Robinson, the website designer, was ill for one month. | | | | | |
Customer information (names, addresses, and credit card numbers) is kept in a database that does not have a proper encryption or access control in place. | | | | | |


Homework 2: Selection of controls


For each threat identified in exercise 1, select the appropriate controls (by providing
the correct clause or annex number) which allow BankPulse Solutions to modify,
share, or avoid the risk.

Complete the matrix below and prepare to discuss your answers.


Scenario | Vulnerabilities | Threats | Potential consequences | C | I | A | Controls
---------|-----------------|---------|------------------------|---|---|---|---------
Ian Kovalev and Katie Harper were hired by BankPulse Solutions’ competitor, EverNet. | | | | | | |
The software delivered to BankPulse Solutions’ clients in Brazil had some serious flaws and made clients vulnerable to external attacks. | | | | | | |
Julia Robinson, the website designer, was ill for one month. | | | | | | |
Customer information (names, addresses, and credit card numbers) is kept in a database that does not have a proper encryption or access control in place. | | | | | | |


Homework 3: Audit evidence


List at least two actions that the auditor should take to verify conformity to the
following controls of Annex A of ISO/IEC 27001.

1. Annex A 5.1 Policies for information security

.....................................................................................................................................

2. Annex A 5.18 Access rights

.....................................................................................................................................

3. Annex A 8.7 Protection against malware

.....................................................................................................................................


4. Annex A 8.13 Information backup

.....................................................................................................................................


Homework 4: Evidence in an audit


List at least two types of evidence that would be sufficient to verify the organization’s
conformity to the following clauses of ISO/IEC 27001. Additionally, indicate the type
of evidence.

1. Clause 6.1.3 Information security risk treatment

.....................................................................................................................................

2. Annex A 8.4 Access to source code

.....................................................................................................................................

3. Annex A 7.10 Storage media

.....................................................................................................................................

4. Annex A 8.26 Application security requirements

.....................................................................................................................................


5. Annex A 8.32 Change management

.....................................................................................................................................


Homework 5: Documented information review


Review some of BankPulse Solutions’ documented information related to the ISMS
and determine if they meet the minimum requirements of ISO/IEC 27001. In addition,
list the necessary controls that BankPulse Solutions should implement.

.....................................................................................................................................


Homework 6: Reviewing an audit plan


By referring to the case study, analyze the audit plan below and point out the
mistakes of this plan.

AUDIT INFORMATION
Organization: BankPulse Solutions
Address: Montreal, Canada
Client ID: 202204_BS27001
Number of employees within the scope: 20
Auditee representative: Alan Brown
Standard(s) audited: ISO/IEC 27001:2022
Audit team leader: Chloe Roy
Other audit team member(s): N/A
Audit type: Stage 2 audit
Date(s) of audit: March 6 to March 22, 2023
Audit duration: Four days
Language: English
Audit scope: The scope of the ISMS established by BankPulse Solutions includes all
data processing facilities of the organization’s headquarters in Montreal.

Audit preparation

a. Audit objectives
The objectives of this audit are to:
• Confirm that the ISMS complies with the audit criteria
• Confirm that the ISMS meets applicable statutory, regulatory, and
contractual requirements
• Confirm the effectiveness of the ISMS in meeting its specified objectives
• Identify the information security areas that need potential improvement

b. Audit criteria
The audit criteria are all normative clauses of the ISO/IEC 27001 standard:
• Clause 4: Context of the organization
• Clause 5: Leadership
• Clause 7: Support
• Clause 8: Operation
• Clause 9: Performance evaluation
• Clause 10: Improvement
• Annex A: Excerpt containing applicable controls related to the scope


AUDIT PLAN
Date: March 6, 2023
Columns: Time | Auditor | Steps | Key contact

8:30 – 8:40 | Auditor: Chloe Roy | Key contact: Alan Brown
Steps: Meet and greet

8:40 – 9:00 | Auditor: Chloe Roy | Key contact: Alan Brown
Steps: Conduct the opening meeting

9:00 – 10:00 | Auditor: Chloe Roy | Key contact: Alan Brown
Steps: Verify conformity to clause 4 Context of the organization to evaluate if:
• The internal and external issues have been identified, including those related to
  climate change
• The ISMS addresses the needs and expectations of interested parties
• The relevant requirements of interested parties have been determined, including
  legal, regulatory, and contractual requirements and those related to climate change
• The scope has been determined in accordance with standard requirements

10:00 – 11:00 | Auditor: Chloe Roy | Key contact: Alan Brown
Steps:
• Verify conformity to clause 5 Leadership by interviewing the top management to
  evaluate their commitment to the ISMS
• Review:
  Information security policy
  Roles and responsibilities (through assessing the organizational structure and
  conducting interviews with a group of employees to assess their awareness and
  understanding of their roles and responsibilities)

11:00 – 12:00 | Auditor: Chloe Roy | Key contact: Alan Brown
Steps:
• Verify conformity to clause 6 Planning by reviewing the following:
  Planning of actions to address risks and opportunities
  Information security objectives
  Planning of changes

12:00 – 13:00 | Auditor: Chloe Roy | Key contact: Alan Brown
Steps: Lunch break

13:00 – 14:00 | Auditor: Chloe Roy | Key contact: Alan Brown
Steps:
• Verify conformity to clause 7 Support through:
  Reviewing communication plans
  Reviewing employee training records and interviewing a number of employees
  Reviewing the procedure for creating, updating, and controlling documented
  information

14:00 – 15:00 | Auditor: Chloe Roy | Key contact: Alan Brown
Steps:
• Verify conformity to clause 8 Operation by reviewing:
  Documented information regarding the planning, implementation, and control of
  ISMS processes
  Previous information security risk assessment reports
  Information security risk treatment plan

15:15 – 15:30 | Auditor: Chloe Roy | Key contact: Alan Brown
Steps: Short break

15:30 – 16:00 | Auditor: Chloe Roy | Key contact: Alan Brown
Steps:
• Verify conformity to clause 9 Performance evaluation by reviewing:
  Internal audit program and documented evidence of its implementation
  Management review process
  Documented information on the monitoring and measurement results

16:00 – 17:00 | Auditor: Chloe Roy | Key contact: Alan Brown
Steps:
• Review notes taken during the day and the audit findings, meet with the audit
  team, and then with the auditee

AUDIT PLAN
Date: March 7, 2023
Columns: Time | Auditor | Steps | Key contact

8:30 – 10:00 | Auditor: Chloe Roy | Key contact: Alan Brown
Steps:
• Verify conformity to clause 10 Improvement by reviewing:
  Nonconformities and corrective actions taken or planned
  Other evidence of continual improvement

10:00 – 10:45 | Auditor: Chloe Roy | Key contact: Alan Brown
Steps: Verify conformity to Annex A 5 controls:
• 5.1 Policies for information security
• 5.2 Information security roles and responsibilities
• 5.3 Segregation of duties
• 5.4 Management responsibilities
• 5.5 Contact with authorities
• 5.6 Contact with special interest groups
• 5.8 Information security in project management

10:45 – 11:00 | Auditor: Chloe Roy | Key contact: Alan Brown
Steps: Short break

11:00 – 12:00 | Auditor: Chloe Roy | Key contact: Alan Brown
Steps: Verify conformity to Annex A 6 controls:
• 6.1 Screening
• 6.2 Terms and conditions of employment
• 6.3 Information security awareness, education and training
• 6.4 Disciplinary process
• 6.5 Responsibilities after termination or change of employment

12:00 – 13:00 | Auditor: Chloe Roy | Key contact: Alan Brown
Steps: Lunch break

13:00 – 13:30 | Auditor: Chloe Roy | Key contact: Alan Brown
Steps: Verify conformity to Annex A 7 controls:
• 7.1 Physical security perimeters
• 7.2 Physical entry

13:30 – 14:00 | Auditor: Chloe Roy | Key contact: Alan Brown
Steps: Physical facilities tour

14:00 – 15:00 | Auditor: Chloe Roy | Key contact: Alan Brown
Steps: Verify conformity to Annex A 8 controls:
• 8.1 User end point devices
• 8.2 Privileged access rights
• 8.3 Information access restrictions

15:00 – 16:00 | Auditor: Chloe Roy | Key contact: Alan Brown
Steps: Lunch break

16:00 – 17:00 | Auditor: Chloe Roy | Key contact: Alan Brown
Steps: Review notes taken during the day and the audit findings, meet with the audit
team, and then with the auditee

AUDIT PLAN
Date: March 20, 2023
Columns: Time | Auditor | Steps | Key contact

8:30 – 9:30 | Auditor: Chloe Roy | Key contact: Alan Brown
Steps: Verify conformity to Annex A 5 controls:
• 5.9 Inventory of information and other associated assets
• 5.10 Acceptable use of information and other associated assets
• 5.11 Return of assets

9:30 – 9:45 | Auditor: Chloe Roy | Key contact: Alan Brown
Steps: Short break

9:45 – 11:00 | Auditor: Chloe Roy | Key contact: Alan Brown
Steps: Verify conformity to Annex A 5 controls:
• 5.12 Classification of information
• 5.13 Labelling of information
• 5.14 Information transfer
• 5.15 Access control
• 5.16 Identity management
• 5.17 Authentication information
• 5.18 Access rights

11:00 – 12:00 | Auditor: Chloe Roy | Key contact: Alan Brown
Steps: Verify conformity to Annex A 5 controls:
• 5.19 Information security in supplier relationships
• 5.20 Addressing information security within supplier agreements
• 5.21 Managing information security in the ICT supply chain
• 5.22 Monitoring, review and change management of supplier services
• 5.23 Information security for use of cloud services

12:00 – 13:00 | Auditor: Chloe Roy | Key contact: Alan Brown
Steps: Lunch break

13:00 – 14:00 | Auditor: Chloe Roy | Key contact: Alan Brown
Steps: Verify conformity to Annex A 5 controls:
• 5.24 Information security incident management planning and preparation
• 5.25 Assessment and decision on information security events
• 5.26 Response to information security incidents
• 5.27 Learning from information security incidents

14:00 – 14:30 | Auditor: Chloe Roy | Key contact: Alan Brown
Steps: Break

14:30 – 15:00 | Auditor: Chloe Roy | Key contact: Alan Brown
Steps: Verify conformity to Annex A 6 controls:
• 6.6 Confidentiality or non-disclosure agreements
• 6.8 Information security event reporting

15:00 – 15:15 | Auditor: Chloe Roy | Key contact: Alan Brown
Steps: Short break

15:15 – 16:30 | Auditor: Chloe Roy | Key contact: Alan Brown
Steps: Verify conformity to Annex A 7 controls:
• 7.5 Protecting against physical and environmental threats
• 7.6 Working in secure areas
• 7.7 Clear desk and clear screen
• 7.8 Equipment siting and protection
• 7.9 Security of assets off-premises

16:30 – 17:00 | Auditor: Chloe Roy | Key contact: Alan Brown
Steps: Review notes taken during the day and the audit findings, meet with the audit
team, and then with the auditee

Page 23 of 32
Certified ISO/IEC 27001 Lead Auditor |
PECB Group Inc., ©2024

AUDIT PLAN
Date: March 21, 2023

Time | Auditor | Steps | Key contact
8:30 – 9:30 | Chloe Roy | • Interview a representative sample of employees engaged in key processes related to the ISMS; spend approximately 10 minutes per person • The interview should focus on: their ISMS roles and responsibilities; processes for identifying the opportunities for improvement; management and protection of passwords; reporting of security incidents and events | Alan Brown
9:30 – 10:30 | Chloe Roy | Verify conformity to Annex A 7 controls: • 7.10 Storage media • 7.11 Supporting utilities • 7.12 Cabling security • 7.13 Equipment maintenance • 7.14 Secure disposal or re-use of equipment | Alan Brown
10:30 – 12:00 | Chloe Roy | Verify conformity to Annex A 8 controls: • 8.8 Management of technical vulnerabilities • 8.9 Configuration management • 8.10 Information deletion • 8.13 Information backup | Alan Brown
12:00 – 13:00 | Chloe Roy | Lunch break | Alan Brown
13:00 – 14:00 | Chloe Roy | Verify conformity to Annex A 8 controls: • 8.14 Redundancy of information processing facilities • 8.15 Logging • 8.16 Monitoring activities • 8.17 Clock synchronization • 8.18 Use of privileged utility programs | Alan Brown
14:00 – 14:30 | Chloe Roy | Have the closing meeting | Alan Brown
14:30 – 15:30 | Chloe Roy | Verify conformity to Annex A 8 controls: • 8.19 Installation of software on operational systems • 8.20 Networks security • 8.21 Security of network services | Alan Brown
15:30 – 15:45 | Chloe Roy | Short break | Alan Brown
15:45 – 17:00 | Chloe Roy | Review the compiled documented information for the audit | Alan Brown

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................


Homework 7: Opening meeting


Using the information from the provided case study about BankPulse Solutions,
create an agenda and outline for the opening meeting of the certification audit.
Ensure that your agenda addresses the unique aspects and challenges related to
BankPulse Solutions’ operations and compliance.

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................


Homework 8: Interview with the chief information security officer


You will interview Alan Brown, the chief information security officer of BankPulse
Solutions, who is also responsible for the implementation of the ISMS. Make sure to
ask questions that help you determine whether the company has implemented the
following controls of ISO/IEC 27001:
• Annex A 8.4 Access to source code
• Annex A 8.20 Networks security
• Annex A 8.26 Application security requirements

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................


Homework 9: Audit sampling process


Assess whether BankPulse Solutions complies with control A 6.1 Screening of
Annex A in ISO/IEC 27001. Given that the company has around 170 employees, you
need to employ a sampling process as an audit procedure.

Define the target population, the sample, and the sample size. In addition, choose
the sampling method and justify your decision. Briefly explain how you would
conduct the sampling process.

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................


Homework 10: Closing meeting


Outline the key points you would cover in the closing meeting with BankPulse
Solutions’ top management subsequent to the audit process. This should include an
overview of the topics for discussion.

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................


Homework 11: Evaluation of corrective actions


After receiving the submitted action plans by the auditee, you, as the auditor, should
evaluate if they are appropriate and address the root causes of the nonconformities.

1. In the IT department, the same individual who has the authority to approve
system changes also has unrestricted access to implement those changes. This
lack of segregation of duties could lead to unauthorized or erroneous
modifications to critical systems.

Root cause: The absence of a clear division of responsibilities and authorizations
within the IT department increases the risk of errors, fraud, or unauthorized system
changes.

Corrective action: Implement a segregation of duties policy within the IT
department, establishing separate roles for change approval and implementation.
Specifically, designate one individual or team to authorize system changes and a
separate team or individual to implement those changes. Access controls and
permissions should be adjusted accordingly to enforce these divisions of
responsibility (time frame: within 30 days).

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

2. A technician responsible for managing the company's outdated hard drives,
stored at the secondary site, did not properly dispose of them. Rather than deleting
the data and destroying the disks as required, the person simply discarded them.
However, the procedure did not specifically cover the disposal of stored data in
devices or in other storage media when no longer needed, only its deletion.

Root cause: Absence of clear and comprehensive procedures regarding the
disposal of stored data in devices that are no longer needed.

Corrective action: Revise the procedure to encompass a comprehensive disposal
method for information that is no longer needed, covering not just information
systems but also all devices and other storage media (time frame: within three
months). Conduct training sessions to educate all relevant personnel on the revised
policies and procedures (time frame: within three months).


.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

3. The HR Department did not consistently verify applicants’ CVs and business
references due to a lack of awareness of the procedure.

Root cause: Inadequate and inconsistent training and communication within the HR
Department.

Corrective action: Inform (time frame: immediately) the HR team about the critical
importance and scope of the background verification check procedure for all potential
candidates prior to employment, emphasizing its legal, regulatory, and ethical
significance in accordance with company policies; train them (time frame: within
three months); and require that each member of the team follows the procedure
strictly.

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

4. An employee accessed an information processing facility which they were not
authorized to access. That facility contains sensitive information that belongs
to the organization.

Root cause: The employee, knowing the internal regulations of the organization,
has violated the rules.

Corrective action: Fire the employee based on internal rules and policies (time
frame: immediately).

.....................................................................................................................................


.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

5. The organization does not have a formal process to categorize incidents.

Root cause: The current process for categorizing the latest information security
events as information security incidents is ineffective.

Corrective action: Establish a formal process outlining how incidents should be
identified, assessed, and categorized (time frame: within 12 months), buy a software
solution that supports incident categorization to streamline the process and maintain
a centralized database of incidents (time frame: within 24 months), and conduct
training sessions or workshops for relevant personnel to ensure they understand the
new incident categorization process (time frame: within 12 months).

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................

.....................................................................................................................................
