Hi to all forum members,
I'm a newly qualified ISO 27001 lead auditor and have been tasked to produce an "as is" assessment of my company's controls against the 27001 framework. There is no desire to achieve the certification; senior management just want to gauge how they stack up against the ISMS and bolster some of the high risk areas.
I have viewed and reviewed the policies, observed staff, interviewed multiple stakeholders and produced an Excel spreadsheet with a RAG rating and brief findings against each of the controls. I've been asked to provide more narrative in non-technical language for the report, with a summary highlighting key findings, areas of success and areas of improvement, a deeper dive into the observations (non-technical language) together with key recommendations.
Do any of the forum members have anything like this (in an anonymised format) that they are willing to share, or can point me to where I could possibly find some resources?
Thanks
Taz