Information Security
Information Security ensures business continuity,
minimises business damage through the management of information
security risks and maximises business opportunities. Within
the context of the ISO 27001 standard, information
security should achieve:
- confidentiality: information is accessible
only to those with authorization
- integrity: the accuracy and completeness
of information are maintained
- availability: authorised users have access
to information when required
The IRCA ISMS auditor programme has been developed in partnership
with Ted Humphreys of Xisec, in response to
the demand for competent auditors of Information Security Management
Systems. The programme supports third party certification: we
certify the different categories of auditors - those employed
by certification bodies/registrars, consultants and internal
auditors. We also develop and promote good auditor training
and auditing best practice.
Benefits to organizations
- Confidence that IRCA certified auditors have the appropriate
training and skills
Benefits to certification bodies
- Reassurance that IRCA auditors employed to audit organizations'
quality management systems for certification to ISO 27001 are
competent and committed to continuing professional development
Benefits to auditors
- Recognition that you can conduct process-based audits competently
against ISO 27001 for clients worldwide
The ISMS auditor programme is based on these standards:
- ISO 19011:2002, Guidelines on Quality and/or Environmental
Management Systems auditing
- ISO 27001:2005, Information Technology - Security Techniques - Information Security Management Systems - Requirements
- ISO/IEC 17799:2005, Information Technology - Security Techniques - Code of Practice for Information Security Management
- EA 7/03, Guidelines for the accreditation of bodies operating
certification/registration of Information Security Management
Systems