Are you ready for an ISMS audit based on ISO/IEC 27001?

Edward Humphreys and Bridget Kenyon

Published by






Reviewed by

Mehmet Hurer B.Sc (Hons) MBCS CITP CEng


6 out of 10

This is one in a series of five books published by the BSI to accompany the 2013 edition of the ISO/IEC 27001 standard. The series is designed to help the reader prepare for, and maintain, certification against this standard.

This second book of the series is a workbook to help an organisation perform a gap analysis between its ISMS and the requirements of the standard. It is split into two sections: the first provides a means of assessing compliance against the ISMS process requirements, and the second assesses compliance against the controls in Annex A of the standard.

The book is little more than a listing of the requirements from the standard, with a space provided for a compliance response (yes, no or partially compliant) along with a justification. No further detail or clarification is provided against any of the requirements. Given this, the same result can be achieved very easily by taking a copy of the standard and providing a means, in a document or spreadsheet for example, to capture a structured compliance response.

The reader should not expect anything more from this workbook than a means of capturing a compliance response against each of the requirements of the standard. Some of the other books in the series are far more useful. For example, BIP 0073, “Guide to the Implementation and Auditing of ISMS Controls based on ISO/IEC 27001”, provides more detail on each of the controls and on how to audit against them. Having said that, the book does present a useful way of structuring compliance responses against the standard.

Further information: BSI

December 2013