ISO 27001 Lead Auditor Instructor Guide

Certified ISO/IEC 27001 Lead Auditor Instructor Guide Information Security Training

Upload: itpreneurs

Post on 28-Mar-2016


Page 1: ISO 27001 Lead Auditor Instructor Guide


Certified ISO/IEC 27001

Lead Auditor

Instructor Guide

Information Security Training


Copyright ISO 27001 Lead Auditor, Classroom course, release 5.0.0

Copyright and Trademark Information for Partners/Stakeholders.

ITpreneurs Nederland B.V. is affiliated to Veridion.

Copyright © 2013 ITpreneurs. All rights reserved.

Please note that the information contained in this material is subject to change without notice. Furthermore, this material contains proprietary information that is protected by copyright. No part of this material may be photocopied, reproduced, or translated to another language without the prior consent of ITpreneurs Nederland B.V.

The language used in this course is US English. Our sources of reference for grammar, syntax, and mechanics are from The Chicago Manual of Style, The American Heritage Dictionary, and the Microsoft Manual of Style for Technical Publications.


Customer focus: Organizations depend on their customers and therefore should understand current and future customer needs, should meet customer requirements and strive to exceed customer expectations.

Leadership: Leaders establish unity of purpose and direction of the organization. They should create and maintain the internal environment in which people can become fully involved in achieving the organization's objectives.


Involvement of people: People at all levels are the essence of an organization and their full involvement enables their abilities to be used for the organization's benefit.

Process approach: A desired result is achieved more efficiently when activities and related resources are managed as a process.

System approach to management: Identifying, understanding and managing interrelated processes as a system contributes to the organization's effectiveness and efficiency in achieving its objectives.

Continual improvement: Continual improvement of the organization's overall performance should be a permanent objective of the organization.


Factual approach to decision making: Effective decisions are based on the analysis of data and information.

Mutually beneficial supplier relationships: An organization and its suppliers are interdependent and a mutually beneficial relationship enhances the ability of both to create value.


(Clause 4 to 8)

ISO 27001, clause 0.1: General

This International Standard has been prepared to provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an Information Security Management System (ISMS). The adoption of an ISMS should be a strategic decision for an organization. The design and implementation of an organization’s ISMS is influenced by their needs and objectives, security requirements, the processes employed and the size and structure of the organization. These and their supporting systems are expected to change over time. It is expected that an ISMS implementation will be scaled in accordance with the needs of the organization, e.g. a simple situation requires a simple ISMS solution.

This International Standard can be used in order to assess conformance by interested internal and external parties.