22 Mar
  1. Vocabulary - Since these are international standards, they use vocabulary that is closer to European English. Therefore, it is important to know the meaning of the terms and the context in which they are used within the standard.
  2. Concepts - This is where it gets even trickier. Some of these concepts correlate to concepts you may have seen in other standards (COBIT, CISA, CISM, CISSP, etc.). While these concepts seem the same on the surface as those in other standards, there is additional information in the ISO/IEC standards that must be taken into consideration during auditing or implementation. A perfect example is Impartiality, which is closely tied to the term Independence/Independent.
  3. Auditing techniques - Among other differences in auditing approach, there are specific sampling requirements that must be met before a sampling approach can be applied for implementation and auditing purposes.
  4. Prescriptive requirements - Unlike other standards, the international standards prescribe specific requirements and require justification for excluding a requirement. The terms conformity/non-conformity are synonymous with findings/exceptions, along with control set and requirements.
  5. Chronological order of activities - There are many places in the training where activities must follow a specific process, in chronological order, before an ISMS can be audited for certification. Drawing out the process workflow is a good way to remember the process and comes in handy for the last-minute review.