Bahareh PhD
Jan 18, 2017
Dissertations / The background of my dissertation - ISO [7]
Directives and Policies - ISO
ISO introduces a list of RCBs (Registered Certification Bodies) as the organisations authorized to carry out the certification procedure. As a preliminary examination, these CBs help organisations determine the extent to which they already conform to ISO 27001 and what further actions are required for successful certification. Afterwards, the measures necessary for ISO 27001 conformity should be defined in a preparation project. A certification process requires external experts, who bring the essential level of knowledge and experience in the field of InfoSec as well as in ISO 27001 implementation requirements. Initially, the RCB checks all the documents, such as the security policy and process descriptions. The main audit follows this preparation phase and involves a detailed examination during an on-site visit lasting several days. This phase consists of several steps, for instance interviewing all responsible employees to examine their understanding of the security policy. Subsequently, employees describe processes, present details and procedures, explain process documentation, and discuss known weaknesses and the improvement measures initiated.