ISO 27001 Competence Check
Annex of Application Form ISO 27001 (Please also provide complete CV):
Proof of Information Security Competence
Name of applicant:
Organization:
Professional experience: (from/to, company/institute, function/role)
1.
2.
Information Security Aspect (examples for sorts of competence area)
Proof of Professional Experience (Please describe professional experience and knowledge with regard to the following aspects of Information Security, based on given facts of your CV: intensity, volume, duration, etc.)
Remarks of the Certification Body
Management system
e.g.
Establishing an ISMS (completely or partly)
Practical experience with risk assessment
methods
Risk evaluation/treatment (plan)
Operation of management system
Reviews/auditing of ISMS (components)
Improvement plan concerning IS aspects
(corrections/prevention measures)
Preparation of documentation
Information security policy (strategies)
e.g.
Establishing or supporting any IS policy
Participation in reviews of the policy
Internal organization
e.g.
Implementation or maintenance of IS
infrastructure within the organization
Co-ordination/reporting of information
security tasks
Establishing/implementation of IS-relevant
controls
Membership in specialist committees
Risk assessment concerning external
parties (customer, partner, etc.)
Liaising with authorities
Setting up requirements of confidentiality
documents
Participating in independent review of IS
Asset management
e.g.
Owner of relevant assets, critical
information
Definition of rules for use of assets
Conduct of risk assessments for assets
Definition of the corresponding levels of
protection for assets
Human resources security
(before, during employment, at termination/change)
e.g.
Definition of security aspects for roles or
functions (e.g. system administrator,
service personnel)
Clarifying IS concerns when hiring
employees (e.g. in interviews in IS relevant
areas)
Conduct of IS awareness trainings for
employees
Terms and conditions of employment
Removal of access rights
Physical and environmental security
e.g.
Design of security perimeters and entry
controls
Implementation of security and monitoring
procedures
Conduct of security checks
Equipment responsibility (incl.
service/maintenance tasks, mobile tools,
disposal etc.), siting and protecting of
equipment security
Communications and operations management
e.g.
Definition or implementation (participation)
of operating procedures and responsibilities
to ensure the correct and secure operation
of information processing facilities
Conduct of capacity planning
Involved in change management of
information processing facilities/systems
Participation in system acceptance test or
service evaluation (IS aspects)
Responsibility for system documentation
Implementation of virus scanners and
firewalls, configuration of mobile code
Implementation/operation of information
back-up systems
Implementation/monitoring of controls for
network security
Handling/safeguarding of information media
or significant information (incl. disposal)
Involved in service delivery management
(e.g. monitoring, review, negotiation)
Access control
e.g.
Definition of policies and business
requirements for the access to information,
IT systems and networks
Managing and controlling access rights to
information systems
User password management
Experience as a user of sensitive
information/systems
Conduct of security trainings for users
Practical experience in security of mobile
computing and teleworking
Experience in network management
Experience in operating systems control
(setup of policies and rules, monitoring)
Information systems acquisition, development
and maintenance
e.g.
Definition of security requirements for new
systems (for development, change and
maintenance)
Implementation of controls for secure
operation of application systems
Conception and implementation of
cryptographic controls
Implementation of security controls for
development and maintenance processes
Responsibility for technical vulnerability/
patch management
IS Incident Management
e.g.
Participation in reporting and management of
IS events/incidents
Analyzing and risk assessments of incidents
Compilation of lessons learned from incidents
Evidence collection
Business continuity management
e.g.
Establishing/implementation of emergency
plans
Test and evaluation of emergency
scenarios
Participation in business impact analysis
Compliance with legal and other requirements,
security requirements and technical standards
e.g.
Knowledge of applicable relevant statutory,
regulatory and contractual requirements
Conduct of compliance checks
Experience in protection of data and
intellectual property rights
Conduct of IS relevant audits
Special trainings in legal requirements (e.g.
cryptography)
Other aspects with regard to information
security
Experience in using audit tools
Audits in IT industries
Trainings (IS specific):
Y
Y
Location/Date:
Signature of Applicant: