Content provided by KirkpatrickPrice. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by KirkpatrickPrice or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://podcastplayer.com/legal.
The ISO 27001 Episode

43:51

KirkpatrickPrice is on a mission to help 10,000 people elevate the standards for cybersecurity and compliance. Join Our Cybersecurity Mission: https://www.linkedin.com/showcase/107184577/admin/dashboard/

ISO 27001 – Information Security Management Systems: https://www.iso.org/standard/27001
What's new in the 2022 version: https://kirkpatrickprice.com/blog/web...
Annex A Control 5.35 – Independent Review
You have to conduct an independent review of your ISMS, which could be an external party or an operationally-independent internal resource.
ISO 27001 Certification Bodies
· British Standards Institute (BSI)
· Mastermind Assurance
· Performance Review Institute (PRI)

Stage 1 Audit Report
Minor nonconformities
These are not seen as serious. You must develop, follow, and complete your own internal Corrective Action Plan (CAP) before Stage 2. You are not required to send your CAP for minor nonconformities at Stage 1.
Major nonconformities
You need to produce a CAP for the certifying body with all actions completed before Stage 2. You need to submit your CAP before scheduling Stage 2. Send your CAP to your auditor.
Stage 2 Audit Report
Minor nonconformities
A written Corrective Action Plan (CAP) must be sent to your certification body. A certification decision is made. The CAP will be reviewed by your Client Manager and details the nonconformity, the cause, the proposed corrective action, who is responsible and the date the action will be implemented; you will have five working days to do this.
Major nonconformities
If a major nonconformity is raised or remains outstanding from Stage 1, an additional visit will need to be booked; this is to confirm the implementation of an effective CAP. This additional visit will take place within 30 days; however, you may request to have the visit earlier. Major nonconformities must be addressed within six months of the assessment and prior to the issuance of the certificate. Send your CAP to your Client Manager.
Opportunities for Improvement
When conducting an audit, your Client Manager may encounter a situation that doesn’t qualify as a nonconformity, but could improve your system. These Opportunities for Improvement (OFI) are revealed during the audit process and include any suggestions for improvement, as well as any findings that could lead to potential nonconformities. While it’s not required to include OFIs in your CAP, your Client Manager will include them in your auditing report to encourage continual improvement.

KirkpatrickPrice is on a mission to help 10,000 people elevate the standards for cybersecurity and compliance. Join Our Cybersecurity Mission: https://www.linkedin.com/showcase/our-cybersecurity-mission
