A must have resource for anyone looking to establish, implement and maintain an ISMSIdeal for information security managers, auditors, consultants and organisations preparing for ISOcertification, this book will help readers understand the requirements of an ISMS information security management system based on ISOSimilarly, for anyone involved in internal or external audits, the book includes the definitive requirements that auditors must address when certifying organisations to ISO The book covers Implementation guidance what needs to beconsidered to ful lthe requirements of thecontrols from ISO IEC, Annex A This guidance is aligned with ISO IEC, which gives advice on implementing the controls Auditing guidance whatshouldbechecked, and how,whenexaminingthe ISO IECcontrols to ensure that the implementation coversthe ISMS control requirements The implementation guidance gives clear descriptions covering what needs to be considered to achieve compliance against the requirements, with examples given throughout The auditing guidance covers what evidence an auditor should look for in order to satisfy themselves that the requirement has been met Useful for internal auditors and consultants, the auditing guidance will also be useful for information security managers and lead implementers as a means of confirming that their implementation and evidence to support it will be sufficient to pass an audit This guide is intended to be used by those involved in Designing, implementing and or maintaining an ISMS Preparing for ISMS audits and assessments or Undertaking both internal and third party ISMS audits and assessments About the author Bridget Kenyon CISSP is global CISO for Thales eSecurity Her experience in information security started inwith a role in network vulnerabilities at DERA, following which she has been a PCI Qualified Security Assessor, information security officer for Warwick University and head of information security for UCL, and has held a variety of roles in consultancy and academia Bridget has been contributing to international standards since , when she first joined BSI Panel , coordinating development of information security management system standards she is currently editor for ISO IECBridget has also co authored three textbooks on information security She strongly believes that information security is fundamental to reliable business operations, not a nice to have In , she was named one of the topwomen in tech by UK publicationPCR