The DRP & BCP Template, DRP & BCP Audit Program, Security Template, and Security Audit Program are provided in MS Word format. The Audit Programs are IS0 28000, 27000, Sarbanes Oxley, PCI-DSS, and HIPAA compliant.
Disaster Recovery & Business Continuity and Security Templates Audit Bundle - This bundle is fully compliant with Sarbanes-Oxley, HIPAA, PCI-DSS and the ISO 28000 and 27000 Series (ISO 27001 and ISO 27002). It has been updated to reflect all of the recent legislation and other mandated requirements.
The Disaster Planning and Business Continuity Template has been selected by over 2,000 enterprises world-wide as the foundation of their DRP and BCP programs.
The Security Manual Template has just been updated to address issues such as SmartPhone and other PDAs
The Security Audit Program contains over 400 unique tasks divided into 11 areas of audit focus which are then divided into 38 separate task groupings. The audit program is one that either an external or an internal auditor can use to validate the compliance of the Information Technology and the enterprise to ISO 27000 (Formerly ISO 17799), Sarbanes-Oxley, HIPAA, and PCI-DSS.
The Disaster Recovery/Business Continuity Audit program identifies control objectives that are met by the audit program. There are 36 specific items that the audit covers in the 11 page audit program.
ISO 28000 specifies the requirements for a security management system, including those aspects critical to the security assurance of the supply chain. Security management is linked to many other aspects of business management. Aspects include all activities controlled or influenced by organizations that impact on supply chain security. These other aspects should be considered directly, where and when they have an impact on security management, including transporting goods along the supply chain
The ISO 27000 series is a set of individual standards and documents defined as follows:
- ISO 27001 - The specification for an Information Security Management System (ISMS) replaced the BS7799-2 standard. ). By implementing the Standard, enterprises:
- Protect all forms of information, both digital and hard copy
- Increase the organisation’s resilience to cyber attacks
- Respond to evolving security threats
- Improve the organisation’s security culture
- Improve the organization's reputation
- ISO 27002 - The ISO 27002 standard is a renaming of the ISO 17799 standard, which is a code of practice for information security. It outlines controls and control mechanisms, which may be implemented subject to the guidance provided within ISO 27001.
- ISO 27003 - This is a PROPOSED Standard, which has yet to be completely defined. This will be the official number of a new standard intended to offer guidance for the implementation of an ISMS (Information Security Management System). The purpose of this proposed development is to provide help and guidance in implementing ISMS. This will be a quality control standard when it is released. ISO 27003 will focus on utilizing the Plan-Do-Act-Check (PDCA) method, when establishing, implementing, reviewing, and improving the ISMS.
- ISO 27004 - This is the designated number for a PROPOSED standard covering information security, system management, measurement, and metrics.
- ISO 27005 - This is the name of a PROPOSED standard emerging standard covering information security risk management. As with the other standards within the ISO 27000 series, no firm dates have been established for its release. However, it will define the ISMS risk management process, including identification of assets, threats and vulnerabilities. This is the ISO number assigned for an emerging standard for information security risk management.
- ISO 27006 - This standard offers guidelines for the accreditation of organizations that offer certification and registration with respect to ISMS.