ISO 27001 Information Security Assessment Report

Subscriber Content
Screenshot of the first page of ISO 27001 Information Security Assessment Report

This audit report focuses on a project baselining an organization’s information security practices, with the purpose of identifying opportunities to advance the information security function and raise the overall effectiveness of existing security processes. It compares ISO 27001 (Information Security Management Systems Requirements) to existing information-security-related policies, procedures and practices.

The following key observations were noted during the review:

  • The company’s information security policies and procedures have not been formally approved by management and implemented throughout the organization.
  • No procedures exist to review, update and redistribute information security policies on an ongoing basis.
  • While the security manager has been assigned formal responsibility for supporting information security at the company, management has not introduced this role outside of the IT department.
  • Affiliated businesses/partners are directly connected to the company’s internal network without necessary oversight from the security manager. In addition, the security manager does not have sufficient authorization to ensure that business partner access to the company’s internal network is in compliance with security policies.

Topics
Business Continuity Management
Audit Planning
Audit Reporting
Identity and Access Management
Physical Security
Privacy

Related Resources

Checklists & Questionnaires

Information Security Risk Assessment Questionnaire

Policies & Procedures

ISO 9000 Certification Policy

Free Trial

Sign up for a free, no-obligation trial to start exploring our timesaving, valuable resources.

Let's Do It