BS 7799/ISO 17799
Fw: Internal Lead auditors Oct 11 2006 02:26PM
Cesar Tarazona (ctarazona etek com co)
Hi All,

It's correct, ISO27001 does not require such certification or a specific
number of lead auditors.

However, how can your organization implement the internal audit
process if it doesn't have people who know the standard and people who
know how to audit it?

One option is to do the internal audits with third party auditors. But if
you decide to do it with your organization's people, you have to train
the internal auditors and you have to prove and show evidence to the
certification body that the internal auditors are competent (properly or
sufficiently qualified or capable or efficient). One way to show the
evidence is the training, and it's better if they are certified (not
mandatory) as ISO27001 ISMS auditors.

If you are familiar with the ISO9001 process, the ISO27001 auditing process is
similar.

Cesar H. Tarazona T.
Security Consultant
Etek International - Colombia
ISO 9001 certified
BS7799-2 certified
Tel: +57-( 1)-257-1520
Fax: +57-(1)-257-6960
http://www.etek.com.co

"Patrick MORRISSEY" <pmorrissey (at) auditware (dot) fr [email concealed]>
Sent by: listbounce (at) securityfocus (dot) com
06/10/2006 12:28 p.m.
Please respond to: <pmorrissey (at) auditware (dot) fr>

To: <bs7799 (at) securityfocus (dot) com>
cc:
Subject: FW: Internal Lead auditors

Hi

>>>> Is it mandatory to have internal staff go through the ISO 27701 Lead
>>>> auditor training or Implementation course?

No, the ISO 27001 standard does not require such training, but of course it
would help on the course to the certification.

>>>> Does the standard require that the company getting certified should
>>>> have a minimum number of ISO 27001 trained-certified staff?

Neither

Cordialement - Sincerely
*************************************************************
Patrick MORRISSEY - CIA, CISA, CISM, CISSP, ISO 27001 Lead Auditor
Directeur - AUDITWARE - Paris - France - www.auditware.fr
pmorrissey (at) auditware (dot) fr
Mobile = 33(0)6.08.74.96.21
*************************************************************

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [mailto:listbounce (at) securityfocus (dot) com] On Behalf Of iso 27000
Sent: Friday, 6 October 2006 14:07
To: bs7799 (at) securityfocus (dot) com
Subject: Internal Lead auditors

Hi,

Is it mandatory to have internal staff go through the ISO 27701 Lead
auditor training or Implementation course?

Does the standard require that the company getting certified should
have a minimum number of ISO 27001 trained-certified staff?
