Howard and Jim chat about ISO/IEC TS 27008:2019 - Clause 8.0 - Control Assessment Process: Clause 8.1 - Preparation.

POINTS DISCUSSED

1. Why is a thorough preparation essential for a successful ISO 27001 Annex A audit?
2. How can management support and engagement influence the outcome of an ISO 27001 Annex A audit?
3. What are the critical steps that organizations must complete before an ISO 27001 Annex A audit?
4. What are the key components of an effective audit plan, and why are they important?
5. How does communication play a role in the success of ISO 27001 audits and organizational activities?
6. What methods do auditors use to gather evidence during an ISO 27001 Annex A audit?
7. Why is the competence of an auditor crucial for the success of an ISO 27001 Annex A audit?
8. How can organizations foster a culture of information security awareness among their employees?
9. What are some common challenges organizations face when preparing for an ISO 27001 Annex A controls assessment?
10. How can organizations use feedback from previous audits to improve their current preparation and control implementation?

LEARN MORE

Click here to try Conformance1's free online ISO 27001 Gap Checklist.

UPCOMING EPISODES

Howard and Jim continue to deep dive into ISO/IEC TS 27008:2019 - Clause 8.2 - Planning the Assessment.

NEXT STEPS

Please follow us on your preferred podcast directory. We appreciate your likes & comments, and shares.

Click here to visit the SimplifyISO website to discover how our cloud-based management system will satisfy all the Standards requirements, client requirements, and any other requirements that you have to meet.

Click here to visit the International Management System Institute website, and learn about how and why you should consider becoming a Certified ISO Management System Professional.

Learn more about Jim on LinkedIn & YouTube

LinkedIn
LinkedIn Articles
YouTube

Book Recommendations:

Turn the Ship Around!: A True Story of Turning Followers into Leaders by L. David Marquet

The Checklist Manifesto: How to Get Things Right by Atul Gawande

Learn more about Howard

Click here to learn more about the Coaching and Podcast Services provided by Fox Coaching, inc.

Keywords

ISO 27001, Clause 8.0 Control Assessment Process, Clause 8.1 Preparation, Information Security Management Systems, Risk Management, ISO Review Podcast, Jim Moran, Howard Fox

#ISO27001 #InformationSecurityManagementSystems #RiskManagement #Control Assessment Process, #ISOReviewPodcast

Howard and Jim chat about ISO/IEC TS 27008:2019 - Assessing Information Security Controls, Sampling Techniques - Clause 7.5.

POINTS DISCUSSED

1. Introduction and Context
2. The importance of neutrality and objectivity in selecting sample items for an audit.
3. The criteria used to determine samples.
4. The steps that should be taken after an audit to ensure effective communication of results and implementation of corrective actions.
5. The implications when auditors focus on conformance rather than looking for nonconformance, and how this perspective shift impact the outcome of an audit.

LEARN MORE

Click here to try Conformance1's free online ISO 27001 Gap Checklist.

UPCOMING EPISODES

Howard and Jim continue to deep dive into ISO/IEC TS 27008:2019 - Process for Assessing Controls, Clause 8.1.

NEXT STEPS

Please follow us on your preferred podcast directory. We appreciate your likes & comments, and shares.

Click here to visit the SimplifyISO website to discover how our cloud-based management system will satisfy all the Standards requirements, client requirements, and any other requirements that you have to meet.

Click here to visit the International Management System Institute website, and learn about how and why you should consider becoming a Certified ISO Management System Professional.

Learn more about Jim on LinkedIn & YouTube

LinkedIn
LinkedIn Articles
YouTube

Book Recommendations:

Turn the Ship Around!: A True Story of Turning Followers into Leaders by L. David Marquet

The Checklist Manifesto: How to Get Things Right by Atul Gawande

Learn more about Howard

Click here to learn more about the Coaching and Podcast Services provided by Fox Coaching, inc.

Keywords

ISO, ISO 27008, Information Security Management Systems, Risk Management, Sampling Techniques, ISO Review Podcast, Jim Moran, Howard Fox

#ISO27001 #ISO27008 #InformationSecurityManagementSystems #RiskManagement #TSamplingTechniques #ISOReviewPodcast

Howard and Jim chat about ISO/IEC TS 27008:2019 - Assessing Information Security Controls, Testing and Validation Techniques - Clauses 7.4.4 - 7.4.7.

POINTS DISCUSSED

1. Introduction and Context
2. Testing Techniques for ISO 27001 Systems - Annex A Controls
3. The Importance of Information Security Testing
4. Testing and Validation Techniques - Clauses 7.4.4 - 7.4.7
5. Grey Box Testing, Double Grey Box Testing, Tandem Testing, and Reversal.
6. Preparations an auditor make prior to conducting any form of testing on an information security management

LEARN MORE

Click here to try Conformance1's free online ISO 27001 Gap Checklist.

UPCOMING EPISODES

Howard and Jim continue to deep dive into ISO/IEC TS 27008:2019 - Sampling Techniques - Clause 7.5.

NEXT STEPS

Please follow us on your preferred podcast directory. We appreciate your likes & comments, and shares.

Click here to visit the SimplifyISO website to discover how our cloud-based management system will satisfy all the Standards requirements, client requirements, and any other requirements that you have to meet.

Click here to visit the International Management System Institute website, and learn about how and why you should consider becoming a Certified ISO Management System Professional.

Learn more about Jim on LinkedIn & YouTube

LinkedIn
LinkedIn Articles
YouTube

Book Recommendations:

Turn the Ship Around!: A True Story of Turning Followers into Leaders by L. David Marquet

The Checklist Manifesto: How to Get Things Right by Atul Gawande

Learn more about Howard

Click here to learn more about the Coaching and Podcast Services provided by Fox Coaching, inc.

Keywords

ISO, ISO 27008, Information Security Management Systems, Risk Management, Testing and Validation Techniques, ISO Review Podcast, Jim Moran, Howard Fox

#ISO27001 #ISO27008 #InformationSecurityManagementSystems #RiskManagement #TestingAndValidationTechniques #ISOReviewPodcast