ISO/IEC TR 27008:2011 provides guidance on reviewing the implementation and operation of controls, including technical compliance checking of information system controls, in compliance with an organization's established information security standards.
ISO/IEC TR 27008:2011 is applicable to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations conducting information security reviews and technical compliance checks. It is not intended for management systems audits.
Even though it is meant to be used in conjunction with ISO 27001 and ISO 27002, it is not exclusive to those standards and is applicable to any scenario requiring an assessment of information security controls. ISO 27008 is essential to organisations of all forms and sizes, including public and private businesses, federal agencies, and not-for-profit organisations that perform information management reviews and operational compliance tests.
ISO 27008 provides guidance to all auditors on information security management systems controls. It guides the information risk management process as well as internal, external, and third-party assessments of an ISMS by demonstrating the association between the ISMS and its accompanying controls.