
HOW READY ARE YOU FOR ISO 27001?

SELF-ASSESSMENT QUESTIONNAIRE

The following questions are designed to gather information about your current information security processes, your dependence on information and your management of information. From this we can offer advice and ascertain whether ISO 27001 is suitable and the best way to proceed. Please tick positive responses or give the requested information.

Information provided will not be disclosed and will be destroyed immediately after use.

Please mark your answers ✓ for Yes and leave blank for No.

To order a copy of the ISO 27001 Standard please visit www.bsi-training.com

Contact:
Company:
Address:
Town:
County:
Postcode:
Tel:
Email:

SECTION 1 – CUSTOMER PERSONAL INFORMATION

1. Do you record customer details, names and addresses?
2. Do you record customer financial details, payment details or account information?
3. Do you record sales histories linked to customers?
4. Do you sell, share or distribute customer information?

SECTION 2 – ELECTRONIC INFORMATION STORAGE AND SYSTEMS

1. Do you store important information on a computer database?
2. Do you use bespoke applications to access this information?
3. Do you store customer information on multiple computer databases?
4. Do you control staff access to such databases?
5. Do you know exactly which staff members access the databases?
6. Do you know the physical locations where this information is stored?
7. Have you assigned an owner to this information?

SECTION 3 – NON ELECTRONIC INFORMATION STORAGE AND SYSTEMS

1. Do you store important information in paper or other non electronic formats?
2. Is this information stored in multiple locations?
3. Do you have physical security protecting these stores? e.g. Locked cabinets
4. Do you restrict access to such stores?
5. Do you know exactly which staff members access these stores?
6. Do you know physically where this information is stored?
7. Have you assigned an owner to this information?

SECTION 4 – BUILDING AND LOCATION SECURITY

1. Is your building accessible to the public?
2. Does your building have a security guard?
3. Does your building have an alarm system?
4. Have you undertaken a risk assessment covering the building and contents?
5. Have you encountered building security issues previously? e.g. Thefts

SECTION 5 – STAFF SECURITY ISSUES

1. Do you take up all staff references?
2. Do you undertake background checks on your staff?
3. Do staff have unrestricted access within the building?
4. Are you subject to special security requirements? e.g. Positive vetting
5. Do staff sign ‘Non disclosure’ agreements?

SECTION 6 – INFORMATION IDENTIFICATION

1. Have you identified all important information within your organization?
2. Have you identified the exact location of all important information?
3. Are location and descriptions updated and available?
4. Have you a process for judging how important/valuable information is?
5. Have you assigned an owner to this information?

SECTION 7 – SECURITY POLICIES

1. Do you have security policies?
2. Do you make security policies available to staff?
3. Do all staff know and understand these policies?
4. Are these policies reviewed and updated?
5. Are staff trained in Information Security?

SECTION 8 – INFORMATION BACKUPS AND MAINTENANCE

1. Are internal information systems independently inspected?
2. Are backups and copies taken of all important information?
3. Are backups and copies appropriately tested and stored?
4. Do you have a disaster recovery plan?
5. Have you tested this plan?

SECTION 9 – COMPLIANCE AND RISK

1. Are you registered under the Data Protection Act?
2. Is Information Security covered in customer/client contracts?
3. Have you undertaken a risk assessment covering your information?
4. Have you identified specific threats to your information?
5. Have you taken positive action to mitigate these threats?

SECTION 10 – ORGANIZATION INFORMATION

1. Number of business sites:
2. Business nature:
3. Number of staff at locations:
4. Why are you looking at Information Security (issues, requirements)?
5. Number of remote users:
6. External interfaces with network (suppliers, VPN, feeds):
7. What access do external users have to your information?
8. Reason for ISO 27001 interest (internal, customer, incident):
9. Is a current risk analysis process documented?
10. Is a copy of the risk analysis document available?
11. Existing certificates with numbers:

Date of information:

Thank you for providing this information. Information Security is a complex issue requiring careful consideration and planning. BSI will review the details and provide feedback.

The BSI certification mark can be used on your stationery, literature and vehicles when you have successfully achieved certification.

BSI Management Systems
PO Box 9000
Milton Keynes
MK14 6WT
United Kingdom
T: +44 (0)845 080 9000
F: +44 (0)1908 228 180
www.bsi-uk.com

raising standards worldwide™

BSI Group: Standards • Information • Training • Inspection • Testing • Assessment • Certification
