ISO27001-13 Assessments Without Tears: A Pocket Guide, Second Edition

Updated to reflect the changes in ISO27001:2013, this pocket guide is the ideal way to prepare all staff in an organization for an ISO27001 audit. The audit process can be a daunting one as an auditor can direct questions at any employee within your organization. Written in a clear plain style, this pocket guide offers a tried and tested briefing, and should be issued to staff in advance of the audit to help them prepare for the experience and be well equipped to answer questions when asked. This pocket book explains what an ISO 27001 assessment is, why organizations bother with them, and what individual staff should do and, perhaps as importantly, not do if an auditor chooses to question them. The book covers:

• What an assessment is
• Why information security is important
• What happens during an assessment
• What to consider when answering an auditor's questions
• What happens when an auditor finds something wrong
• Your policies and how to prepare

This pocket book is the perfect tool to train everybody inside your organization to play their part in your ISO 27001 assessment.

About the Author

Steve G Watkins: Director, Training and Consultancy, IT Governance Ltd. Steve managed the world's first successful BS7799 (the forerunner of ISO27001) implementation project; he leads the consultancy and training services of IT Governance. He is Chair of the ISO/IEC 27001 User Group, the UK Chapter of the ISMS International User Group, and an ISMS Technical Assessor for UKAS, advising on their assessments of certification bodies offering accredited certification. Steve sits on the IST/33 committee responsible for the UK's contributions to the revisions of the ISO 2700x series of standards and RM/1, the committee responsible for BS31100/ISO31000, the British Standard for Risk Management and the UK's contributions to ISO31000. Steve is also co-author (with Alan Calder) of the definitive compliance guide, IT Governance: An International Guide to Data Security and ISO 27001/ISO27002. He has over 20 years' experience of managing integrated management systems, including maintenance of Information Security, Quality, Environmental and Investor in People certifications. His experience includes senior management positions in both the public and private sector.