Information technology -- Security techniques -- Guidelines for auditors on information security controls
(Not available in French)
ISO/IEC TR 27008:2011 provides guidance on reviewing the implementation and operation of controls, including technical compliance checking of information system controls, in compliance with an organization's established information security standards.
ISO/IEC TR 27008:2011 is applicable to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations conducting information security reviews and technical compliance checks. It is not intended for management systems audits.
Document published on: 2011-10 Edition: 1 (Monolingual) ICS: 03.100.70; 35.030 Status: Published Stage: 90.92 (2014-08-27) TC/SC: ISO/IEC JTC 1/SC 27 Number of Pages: 36
Revised by: ISO/IEC PDTS 27008
No corrigenda or amendments available