ISO/IEC 27001:2022 Information security management systems

ROOTS

Involved In Discussions
Dear All,

With regard to ISO/IEC 27001:2022 - Information security management systems, a new organizational control has been added (5.35 - Independent review of information security). Could anybody help me by showing some examples of how it has to be done? If anybody has already filled-in forms or samples, please post them here.

Thank you
Roots
 

DanMann

Quite Involved in Discussions
Hi ROOTS,
I'd be careful saying it's new - 18.2.1 in 2013 was "Independent Review of Information Security".
Regardless of new or not, I'd say it depends on the size of the organisation. My company is small, so we have an outsourced DPO and CISO who we ask to sit in on routine (quarterly) information security meetings to give this independent review and provide specific guidance when we feel we need it. We also have our "Internal" Audits carried out by contractors. We also have the Quality Management Team (who also run the ISMS) review all processes before they are released.
In a larger company, this could be sites or departments reviewing each other's information security or having oversight from the information security staff.
Hope this helps.
 

ROOTS

Involved In Discussions
Hi Danmann,

Thank you for your prompt feedback. Can you please post some examples of the outcome of the independent review? This would help us to gain knowledge on how the review has to be done.

Thank you
 

DanMann

Quite Involved in Discussions
I can't post any examples because they contain confidential information, but it comes in the form of meeting minutes (with disable independent attendees), supplier approval records with evidence of competence and roles, audit reports, and document approval records.
 

ROOTS

Involved In Discussions
Hi DanMann,

No problem. Thank you for your time.
 