About this series
Let’s be realistic – it is human to make mistakes, so it’s impossible to have a system with no errors; it is, however, possible to have a system that improves itself and learns from its mistakes. Internal audits are a crucial part of such a system. In this book, Dejan Kosutic, author and experienced ISO consultant, shares his practical know-how on ISO 9001, ISO 14001, ISO 27001, ISO 22301, ISO 20000, ISO 22000, OHSAS 18001, ISO 13485, AS9100 and IATF 16949 internal audits.
This book is written primarily for beginners in internal auditing and for people with moderate knowledge of internal audits. If you already have experience with internal audits but feel that you still have gaps in your knowledge, you will also find this book helpful. So, whether you are new or experienced in the field, this book gives you everything you will ever need to learn about internal audits, and more.
Inside you will find not just basic information about the internal audit and ISO 19011, but also guidance on how to create the internal audit checklist, how to write the internal audit report, the best techniques for finding evidence during the audit, how to conduct interviews during the audit, and much more.
Kosutic uses real-life examples and plain English to explain everything that is necessary to fully understand how to perform an internal audit for all ISO management standards.
Titles in the series (6)
- ISO 27001 Risk Management in Plain English: A Step-by-Step Handbook for Information Security Practitioners in Small Businesses
“Risk management is the central idea of ISO 27001. And, the way ISO 27001 tells you to achieve this tailor-made suit is to perform risk assessment and risk treatment.”

This book, ISO 27001 Risk Management in Plain English, is a quick read for people who are focused solely on risk management. It has one aim in mind: to give you the knowledge and practical step-by-step process you need to successfully implement ISO 27001 risk assessment and treatment – without struggle, stress, or headaches.

ISO 27001 Risk Management in Plain English is written primarily for beginners in this field and for people with moderate knowledge about risk assessment and treatment. It is structured in such a way that someone with no prior experience or knowledge about information security can quickly understand what it is all about, and how to implement the whole risk management project. However, if you do have experience with ISO 27001, but feel that you still have gaps in your knowledge, you’ll also find this book very helpful.

This book will give you a complete overview of risk management according to ISO 27001. It will also explain the differences between risk management in ISO 27001 and other risk-oriented standards, such as ISO 27005 and ISO 31000. You will learn the five main steps in the risk management process, the purpose of risk assessment, and how to perform it.

“In my experience, the employees (and the organization as a whole) are usually aware of only 25 to 40% of risks,” says author Dejan Kosutic. “Therefore, a thorough and systematic process needs to be carried out to find out everything that could endanger the confidentiality, integrity, and availability of their information.”

This book will serve as your complete guide to ISO 27001 risk management. From the simple explanation of requirements, steps in risk management, development of methodology, and which documents are required for risk management – you will quickly see that this is the only book you’ll ever need on the subject.
- ISO 27001 Annex A Controls in Plain English: A Step-by-Step Handbook for Information Security Practitioners in Small Businesses
In this book, Dejan Kosutic, author and experienced information security consultant, shares his practical know-how on ISO 27001 security controls. Whether you are new or experienced in the field, this book teaches you everything you need to know about security controls.

ISO 27001 Annex A Controls in Plain English is written primarily for beginners to ISO 27001, and for people with moderate knowledge about Annex A of the standard and the 114 security controls found in the Annex of the 2013 edition. It is structured in such a way that someone with no prior experience or knowledge about information security can quickly understand what they are all about; however, if you do have experience with ISO 27001, but feel that you still have gaps in your knowledge, you’ll also find this book very helpful.

Kosutic uses plain English to explain everything you need to know about security controls in ISO 27001, as well as the differences between the controls in Annex A of ISO 27001 and in ISO 27002. You will also learn about the crucial link between risk management and security controls, and get a complete overview of Annex A controls, starting from the introduction and the structuring of the documentation, through instructions on how to write detailed information security policies, all the way to the requirements for compliance.

Written in simple language and avoiding technical jargon, ISO 27001 Annex A Controls in Plain English is the right book to start learning about the subject.
- Preparing for ISO Certification Audit – A Plain English Guide: A step-by-step handbook for ISO practitioners in small businesses
“Before you decide if your company should go for the certification, you have to ask yourself one important question: Do you really need it?”

This book is a complete guide that will not only help you decide on this crucial concern, but also lead you from the beginning of the certification project to the end. This book is not focused solely on one ISO standard – the certification process is the same for any standard, so the book is adapted in such a way that it is perfectly acceptable for ISO 9001, ISO 14001, ISO 27001, ISO 20000, ISO 22000, OHSAS 18001, ISO 13485, and IATF 16949.

Kosutic wrote Preparing for ISO Certification Audit: A Plain English Guide primarily for beginners in this field, and for people with moderate knowledge about ISO certification. The book is structured in such a way that someone with no prior experience or knowledge about ISO standards can quickly understand how the whole certification process works, and what steps to take for its successful completion.

This book is a straightforward guide for ensuring your company passes the certification audit, leading you through the following steps:
- The final check before going for the certification – this part of the book explains in detail all the necessary steps that need to be done before going for the certification.
- How to choose a certification body – here you will learn about the most important criteria for choosing the certification body. Among others, you should consider the reputation, specialization, and experience of a certification body.
- Steps in the company certification and how to prepare – in this part of the book you will learn more about the Stage 1 audit, Stage 2 audit, and surveillance visits – the three main steps in the certification process.
- Which questions the certification auditor may ask – this section of the book will give you insight into how the certification auditors usually perform the certification audit, explaining what documentation you should prepare, what evidence the auditor will try to find, and what kind of questions you can expect during the certification interview.
- How to talk to the auditors to benefit from the audit – “Don't forget that auditors are only people, and no matter how professional they are, they will always be glad if you treat them fairly, and will be negative if you treat them badly.”
- What the auditor can and cannot do – this section is also very important in order to prepare your company for the certification audit. You have to be aware that there are borders that a certification auditor shouldn’t cross.

Written in plain English with easy-to-understand language, this is the only book you will ever need on the subject.
- Managing ISO Documentation – A Plain English Guide: A Step-by-Step Handbook for ISO Practitioners in Small Businesses
In this book, Dejan Kosutic, author and experienced ISO consultant, shares his practical know-how on managing policies, procedures, plans, forms, reports, and other documented information. Whether you are new or experienced in the field, this book gives you everything you will ever need to learn on how to handle ISO 9001, ISO 14001, ISO 27001, ISO 22301, ISO 20000, ISO 22000, OHSAS 18001, ISO 13485, AS9100, and IATF 16949 documents.

Many ISO practitioners are often disappointed with the quantity and complexity of the documentation. You can frequently hear:
- “We don’t need these documents – we’re doing just fine without them; this would only be overkill.”
- “This standard is all about documentation – we simply need to fill out all the documents, and we’ll automatically get the certificate.”
- “We need to write policies and procedures for each and every process, activity, and control in our company – the more documents, the clearer the rules will be, and it will be easier for us to comply.”

This book is here to prove these statements wrong. As Kosutic says: “The main point of the implementation of any standard is that the employees perform their activities and processes in a better way, and the documentation is here to help you do that, because otherwise, their processes and activities would become unmanageable.”

Managing ISO Documentation: A Plain English Guide is a step-by-step guide that will explain the sequence of writing the documentation and its relationship with the PDCA cycle, how to decide on your documentation strategy, how to decide which policies and procedures to write, and what might be the most crucial part – how to write documentation that will be accepted by your employees.

Written in easy-to-understand language, whether you’re an experienced practitioner or new to the field, Managing ISO Documentation: A Plain English Guide is the only book you’ll ever need on the subject.
- Preparations for the ISO Implementation Project – A Plain English Guide: A Step-by-Step Handbook for ISO Practitioners in Small Businesses
“There are many misconceptions about ISO standards that very often do not allow the standard to become a serious candidate for consideration, let alone for the actual implementation.”

In this book, Dejan Kosutic, author and experienced ISO consultant, shares his practical know-how on preparing for ISO 9001, ISO 14001, ISO 27001, ISO 22301, ISO 20000, ISO 22000, OHSAS 18001, ISO 13485, AS9100, and IATF 16949 implementation. Whether you are new or experienced in the field, this book gives you everything you will ever need to learn about preparations for ISO implementation projects, and how to avoid some costly mistakes in the process.

The first step that is crucial to any ISO implementation project is to convince your top management to implement the ISO standard, and in order to do so, you have to speak the language they want to hear. As Kosutic says: “What management wants to hear are profit, market share, client satisfaction, cost cutting, business strategy, and business risks. And you can't blame them – after all, this is what their job is all about.”

Starting from that step, Preparations for the ISO Implementation Project: A Plain English Guide will cover other important steps your organization must take in order to be completely prepared for the implementation of any ISO standard. Among other important things, you will learn how to choose a consultant, how to set up the project management structure, and what tools and templates can help you in the implementation project.

Written in easy-to-understand language, this book is for people who are going for an ISO implementation for the first time and need clear guidance on what to do before the project starts. Whether you’re an experienced practitioner or new to the field, it’s the only book you’ll ever need on the subject.
- ISO Internal Audit – A Plain English Guide: A Step-by-Step Handbook for Internal Auditors in Small Businesses
Read more from Dejan Kosutic
Secure & Simple – A Small-Business Guide to Implementing ISO 27001 On Your Own: The Plain English, Step-by-Step Handbook for Information Security Practitioners