An ISO 27001 audit can be intimidating, especially if it is the first time that your information security management system (ISMS) has been audited.
Producing accurate, concise and up-to-date reports is an important part of your audit. Some reports are mandatory, whereas others will help you to impress your auditor.
Statement of Applicability (SoA)
The SoA is a crucial, mandatory report for your ISO 27001 audit. It’s also essential for the management and control of an ISMS.
The SoA identifies the controls that are relevant to your organisation and explains why those controls have been selected to treat the identified risks.
This can be a lengthy document as some organisations might identify thousands of risks. However, it is a useful and concise overview of the entire ISMS.
Risk treatment plan (RTP)
The RTP is also a mandatory report for your ISO 27001 audit. It provides a summary of the identified risks, the responses that have been designed for each risk, the parties responsible for those risks and the date to apply the risk treatment.
Risk assessment report
The risk assessment report provides detailed information about residual risks as determined by the risk assessment. This is a useful document as it provides information about assets that remain moderately vulnerable, which can help your organisation prepare responses and continuity plans based on the likelihood or severity of risks.
Streamline the risk assessment process
Fully aligned with ISO 27001, vsRisk streamlines the information risk assessment process and helps you produce consistent, robust and reliable risk assessments year-on-year.
vsRisk is a database-driven solution for conducting an asset-based or scenario-based information security risk assessment. It is proven to simplify and speed up the risk assessment process by reducing its complexity and cutting associated costs.
vsRisk can generate six audit-ready reports, including the SoA, RTP and a risk assessment report. Export, edit and share these reports with ease across your organisation and with auditors.
*** This is a Security Bloggers Network syndicated blog from Vigilant Software Blog authored by Chloe Biscoe. Read the original post at: https://www.vigilantsoftware.co.uk/blog/3-reports-needed-for-an-iso-27001-audit/