Moved a directory, changed some filenames
|
|
@ -32,7 +32,7 @@ A very important thing to bring up early, is **risk ownership**. We need to be c
|
|||
|
||||
As an auditor I expect to see a clearly defined and understandable risk assessment process, and evidence for its execution, by maybe getting somebody to take me through risk assessments that have been performed.
|
||||
|
||||
Although Clause 6.1.2 tells you what should be considered when doing risk assessments, it does not tell you *how* to conduct a risk assessment. It doesn't tell you to use a risk calculation scale of 1 to 10, or high, medium and low, or using some other kind of formula, and neither does the ISO 27002 implementation guidance, of the [ISO 27005](../ISO%2027005.md) (Guidance on managing information security risks).
|
||||
Although Clause 6.1.2 tells you what should be considered when doing risk assessments, it does not tell you *how* to conduct a risk assessment. It doesn't tell you to use a risk calculation scale of 1 to 10, or high, medium and low, or using some other kind of formula, and neither does the ISO 27002 implementation guidance, of the [ISO 27005](../about/ISO%2027005.md) (Guidance on managing information security risks).
|
||||
|
||||
What it *does* tell us, is that we need to have an agreed way of conducting risk assessments, and that we need predefined risk acceptance criteria.
|
||||
|
||||
|
|
|
|||
|
|
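Review bot: The changed sentence still reads "implementation guidance, of the [ISO 27005]", where "of the" looks like a typo for "or the" (the sentence lists ISO 27002 and ISO 27005 as two documents that do not prescribe a method). Since this line is already being rewritten for the new `../about/` link path, fix the wording in the same change.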
@ -33,7 +33,7 @@ This was previously called risk transfer, but this term was dropped because you
|
|||
|
||||
### Risk modification by implementing controls
|
||||
|
||||
Clause 8.3 of [ISO 27005](../ISO%2027005.md), the guidance document on risk management[^1], says that we shall select controls in order to address risks. These can be preventative, detective or corrective in nature.
|
||||
Clause 8.3 of [ISO 27005](../about/ISO%2027005.md), the guidance document on risk management[^1], says that we shall select controls in order to address risks. These can be preventative, detective or corrective in nature.
|
||||
|
||||
Which controls will be implemented by the organization, is specified in the Statement of Applicability (6.1.3d).
|
||||
|
||||
|
|
|
|||
|
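Review bot: The "Clause 8.3 of [ISO 27005]" line gets the same hand-edited relative target (`../about/ISO%2027005.md`) as the previous file, and nothing in the commit shows that these two are the only references to the moved note. Before merging, search the vault for the old `../ISO%2027005.md` path so no other page is left with a dead link. The `[^1]` footnote on this line should also be checked, in case its definition points at the moved file.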
|
@ -7,6 +7,7 @@ tags:
|
|||
- PECB-LA
|
||||
isotags: []
|
||||
status: active
|
||||
processed: true
|
||||
---
|
||||
# S01 Course objectives and structure
|
||||
|
||||
|
|
|
|||
|
|
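Review bot: The front matter now carries both `status: active` and `processed: true` with nothing saying how the two relate, and the index added later in this commit displays `p.processed` under a column titled "Read". Either rename the key to match the column or add a short comment or README line defining what "processed" means for a transcription, so the flag is set consistently across the files that receive this same front-matter change.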
@ -7,6 +7,7 @@ tags:
|
|||
- PECB-LA
|
||||
isotags: []
|
||||
status: active
|
||||
processed: true
|
||||
---
|
||||
# S02.1 Introduction to management systems and ISO 27000 family of standards
|
||||
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ tags:
|
|||
- PECB-LA
|
||||
isotags: []
|
||||
status: active
|
||||
processed: true
|
||||
---
|
||||
# S02.2 Introduction to management systems and ISO 27000 family of standards
|
||||
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ tags:
|
|||
- PECB-LA
|
||||
isotags: []
|
||||
status: active
|
||||
processed: true
|
||||
---
|
||||
# S02.3 Introduction to management systems and ISO 27000 family of standards
|
||||
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ tags:
|
|||
- PECB-LA
|
||||
isotags: []
|
||||
status: active
|
||||
processed: true
|
||||
---
|
||||
# S03 Certification process
|
||||
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ tags:
|
|||
- PECB-LA
|
||||
isotags: []
|
||||
status: active
|
||||
processed: false
|
||||
---
|
||||
# S06.1 Fundamental audit concepts and principles
|
||||
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ tags:
|
|||
- PECB-LA
|
||||
isotags: []
|
||||
status: active
|
||||
processed: false
|
||||
---
|
||||
# S06.2 Fundamental audit concepts and principles
|
||||
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ tags:
|
|||
- PECB-LA
|
||||
isotags: []
|
||||
status: active
|
||||
processed: false
|
||||
---
|
||||
# S06.3 Fundamental audit concepts and principles
|
||||
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ tags:
|
|||
- PECB-LA
|
||||
isotags: []
|
||||
status: active
|
||||
processed: false
|
||||
---
|
||||
# S06.4 Fundamental audit concepts and principles
|
||||
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ tags:
|
|||
- PECB-LA
|
||||
isotags: []
|
||||
status: active
|
||||
processed: false
|
||||
---
|
||||
# S06.5 Fundamental audit concepts and principles
|
||||
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ tags:
|
|||
- PECB-LA
|
||||
isotags: []
|
||||
status: active
|
||||
processed: false
|
||||
---
|
||||
# S06.6 Fundamental audit concepts and principles
|
||||
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ tags:
|
|||
- PECB-LA
|
||||
isotags: []
|
||||
status: active
|
||||
processed: false
|
||||
---
|
||||
# S07.1 The impact of trends and technology in auditing
|
||||
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ tags:
|
|||
- PECB-LA
|
||||
isotags: []
|
||||
status: active
|
||||
processed: false
|
||||
---
|
||||
# S07.2 The impact of trends and technology in auditing
|
||||
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ tags:
|
|||
- PECB-LA
|
||||
isotags: []
|
||||
status: active
|
||||
processed: false
|
||||
---
|
||||
# S08.1 Evidence based auditing
|
||||
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ tags:
|
|||
- PECB-LA
|
||||
isotags: []
|
||||
status: active
|
||||
processed: false
|
||||
---
|
||||
# S08.2 Evidence based auditing
|
||||
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ tags:
|
|||
- PECB-LA
|
||||
isotags: []
|
||||
status: active
|
||||
processed: false
|
||||
---
|
||||
# S09 Risk based audit
|
||||
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ tags:
|
|||
- PECB-LA
|
||||
isotags: []
|
||||
status: active
|
||||
processed: false
|
||||
---
|
||||
# S10.1 Initiation of the audit process
|
||||
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ tags:
|
|||
- PECB-LA
|
||||
isotags: []
|
||||
status: active
|
||||
processed: false
|
||||
---
|
||||
# S10.2 Initiation of the audit process
|
||||
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ tags:
|
|||
- PECB-LA
|
||||
isotags: []
|
||||
status: active
|
||||
processed: false
|
||||
---
|
||||
# S10.3 Initiation of the audit process
|
||||
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ tags:
|
|||
- PECB-LA
|
||||
isotags: []
|
||||
status: active
|
||||
processed: false
|
||||
---
|
||||
# S11.1 Stage 1 audit
|
||||
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ tags:
|
|||
- PECB-LA
|
||||
isotags: []
|
||||
status: active
|
||||
processed: false
|
||||
---
|
||||
# S11.2 Stage 1 audit
|
||||
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ tags:
|
|||
- PECB-LA
|
||||
isotags: []
|
||||
status: active
|
||||
processed: false
|
||||
---
|
||||
# S12.1 Preparing for stage 2 audit
|
||||
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ tags:
|
|||
- PECB-LA
|
||||
isotags: []
|
||||
status: active
|
||||
processed: false
|
||||
---
|
||||
# S12.2 Preparing for stage 2 audit
|
||||
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ tags:
|
|||
- PECB-LA
|
||||
isotags: []
|
||||
status: active
|
||||
processed: false
|
||||
---
|
||||
# S13.1 Stage 2 audit
|
||||
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ tags:
|
|||
- PECB-LA
|
||||
isotags: []
|
||||
status: active
|
||||
processed: false
|
||||
---
|
||||
# S13.2 Stage 2 audit
|
||||
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ tags:
|
|||
- PECB-LA
|
||||
isotags: []
|
||||
status: active
|
||||
processed: false
|
||||
---
|
||||
# S14.1 Communication during the audit
|
||||
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ tags:
|
|||
- PECB-LA
|
||||
isotags: []
|
||||
status: active
|
||||
processed: false
|
||||
---
|
||||
# S14.2 Communication during the audit
|
||||
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ tags:
|
|||
- PECB-LA
|
||||
isotags: []
|
||||
status: active
|
||||
processed: false
|
||||
---
|
||||
# S15.1 Audit procedures
|
||||
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ tags:
|
|||
- PECB-LA
|
||||
isotags: []
|
||||
status: active
|
||||
processed: false
|
||||
---
|
||||
# S15.2 Audit procedures
|
||||
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ tags:
|
|||
- PECB-LA
|
||||
isotags: []
|
||||
status: active
|
||||
processed: false
|
||||
---
|
||||
# S15.3 Audit procedures
|
||||
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ tags:
|
|||
- PECB-LA
|
||||
isotags: []
|
||||
status: active
|
||||
processed: false
|
||||
---
|
||||
# S15.4 Audit procedures
|
||||
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ tags:
|
|||
- PECB-LA
|
||||
isotags: []
|
||||
status: active
|
||||
processed: false
|
||||
---
|
||||
# S15.5 Audit procedures
|
||||
|
||||
|
|
|
|||
|
|
@ -10,6 +10,7 @@ isotags:
|
|||
- C.4.2
|
||||
- C.7.5.3
|
||||
status: active
|
||||
processed: false
|
||||
---
|
||||
# S16.1 Creating audit test plans
|
||||
|
||||
|
|
|
|||
|
|
@ -25,6 +25,7 @@ isotags:
|
|||
- C.10.1
|
||||
- C.10.2
|
||||
status: active
|
||||
processed: false
|
||||
---
|
||||
# S16.2 Creating audit test plans
|
||||
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ tags:
|
|||
- PECB-LA
|
||||
isotags: []
|
||||
status: active
|
||||
processed: false
|
||||
---
|
||||
# S17.1 Drafting audit findings and nonconformity reports
|
||||
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ tags:
|
|||
- PECB-LA
|
||||
isotags: []
|
||||
status: active
|
||||
processed: false
|
||||
---
|
||||
# S17.2 Drafting audit findings and nonconformity reports
|
||||
|
||||
|
|
|
|||
|
|
@ -8,6 +8,7 @@ tags:
|
|||
isotags:
|
||||
- C.7.5.2
|
||||
status: active
|
||||
processed: false
|
||||
---
|
||||
# S18 Audit documentation and quality review
|
||||
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ tags:
|
|||
- PECB-LA
|
||||
isotags: []
|
||||
status: active
|
||||
processed: false
|
||||
---
|
||||
# S19.1 Closing of the audit
|
||||
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ tags:
|
|||
- PECB-LA
|
||||
isotags: []
|
||||
status: active
|
||||
processed: false
|
||||
---
|
||||
# S19.2 Closing of the audit
|
||||
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ tags:
|
|||
- PECB-LA
|
||||
isotags: []
|
||||
status: active
|
||||
processed: false
|
||||
---
|
||||
# S20 Evaluation of action plans by the auditor
|
||||
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ tags:
|
|||
- PECB-LA
|
||||
isotags: []
|
||||
status: active
|
||||
processed: false
|
||||
---
|
||||
# S21.1 Beyond the initial audit
|
||||
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ tags:
|
|||
- PECB-LA
|
||||
isotags: []
|
||||
status: active
|
||||
processed: false
|
||||
---
|
||||
# S21.2 Beyond the initial audit
|
||||
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ tags:
|
|||
- PECB-LA
|
||||
isotags: []
|
||||
status: active
|
||||
processed: false
|
||||
---
|
||||
# S22.1 Managing an internal audit program
|
||||
|
||||
|
|
|
|||
|
|
@ -8,6 +8,7 @@ tags:
|
|||
isotags:
|
||||
- C.10.2
|
||||
status: active
|
||||
processed: false
|
||||
---
|
||||
# S22.2 Managing an internal audit program
|
||||
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ tags:
|
|||
- PECB-LA
|
||||
isotags: []
|
||||
status: active
|
||||
processed: false
|
||||
---
|
||||
# S23.1 Closing of the training course
|
||||
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ tags:
|
|||
- PECB-LA
|
||||
isotags: []
|
||||
status: active
|
||||
processed: false
|
||||
---
|
||||
# S23.2 Closing of the training course
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1,16 @@
|
|||
# PECB Lead Auditor Training — Transcriptions Index
|
||||
|
||||
```dataviewjs
|
||||
const files = dv.pages('"iso27diy-corp/Corpus/Standards/ISO27x/PECB-Lead-Auditor-Training/transcriptions"')
|
||||
.where(p => p.file.name !== "index")
|
||||
.sort(p => p.file.name, "asc");
|
||||
|
||||
dv.table(
|
||||
["#", "Read", "Transcription"],
|
||||
files.map((p, i) => [
|
||||
i + 1,
|
||||
p.processed ? "✅" : "⬜",
|
||||
p.file.link
|
||||
])
|
||||
);
|
||||
```
|
||||
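Review bot: The query in `dv.pages('"iso27diy-corp/Corpus/Standards/ISO27x/PECB-Lead-Auditor-Training/transcriptions"')` hard-codes the full vault path, in a commit whose whole purpose is moving a directory; the next move will silently produce an empty table. Deriving the folder from the note itself, for example `dv.pages('"' + dv.current().file.folder + '"')`, keeps the index working wherever it lives. The self-exclusion `p.file.name !== "index"` likewise only works if this note is literally named `index`; comparing against `dv.current().file.path` would not depend on the name. Note also that `p.processed ? "✅" : "⬜"` renders a file with no `processed` key the same as `processed: false`, which is worth a comment if that is intended.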