
ISO 27001 Competence Check

Annex of Application Form ISO 27001 (Please also provide complete CV):
Proof of Information Security Competence

Name of applicant:
Organization:

Professional experience: (from/to, company/institute, function/role)


1.
2.

Information Security Aspect (examples for sorts of competence area)
Proof of Professional Experience: Please describe professional experience and knowledge with regard to the following aspects of Information Security, based on given facts of your CV (intensity, volume, duration, etc.)
Remarks of the Certification Body

Management system
e.g.
Establishing an ISMS (completely or partly)
Practical experience with risk assessment methods
Risk evaluation/treatment (plan)
Operation of management system
Reviews/auditing of ISMS (components)
Improvement plan concerning IS aspects (corrections/prevention measures)
Preparation of documentation

Information security policy (strategies)
e.g.
Establishing or supporting any IS policy
Participation in reviews of the policy

Internal organization
e.g.
Implementation or maintenance of IS infrastructure within the organization
Co-ordination/reporting of information security tasks
Establishing/implementation of IS-relevant controls
Membership in specialist committees
Risk assessment concerning external parties (customer, partner, etc.)
Liaising with authorities
Setting up requirements of confidentiality documents
Participating in independent review of IS

Asset management
e.g.
Owner of relevant assets, critical information
Definition of rules for use of assets
Conduct of risk assessments for assets
Definition of the corresponding levels of protection for assets

Human resources security (before, during employment, at termination/change)
e.g.
Definition of security aspects for roles or functions (e.g. system administrator, service personnel)
Clarifying IS concerns when hiring employees (e.g. in interviews in IS relevant areas)
Conduct of IS awareness trainings for employees
Terms and conditions of employment
Removal of access rights

Physical and environmental security
e.g.
Design of security perimeters and entry controls
Implementation of security and monitoring procedures
Conduct of security checks
Equipment responsibility (incl. service/maintenance tasks, mobile tools, disposal etc.), siting and protecting of equipment security

Communications and operations management
e.g.
Definition or implementation (participation) of operating procedures and responsibilities to ensure the correct and secure operation of information processing facilities
Conduct of capacity planning
Involved in change management of information processing facilities/systems
Participation in system acceptance test or service evaluation (IS aspects)
Responsibility for system documentation
Implementation of virus scanners and firewalls, configuration of mobile code
Implementation/operation of information back-up systems
Implementation/monitoring of controls for network security
Handling/safeguarding of information media or significant information (incl. disposal)
Involved in service delivery management (e.g. monitoring, review, negotiation)

Access control
e.g.
Definition of policies and business requirements for the access to information, IT systems and networks
Managing and controlling access rights to information systems
User password management
Experience as a user of sensitive information/systems
Conduct of security trainings for users
Practical experience in security of mobile computing and teleworking
Experience in network management
Experience in operating systems control (setup of policies and rules, monitoring)

Information systems acquisition, development and maintenance
e.g.
Definition of security requirements for new systems (for development, change and maintenance)
Implementation of controls for secure operation of application systems
Conception and implementation of cryptographic controls
Implementation of security controls for development and maintenance processes
Responsibility for technical vulnerability/patch management

IS Incident Management
e.g.
Participation in reporting and management of IS events/incidents
Analysis and risk assessment of incidents
Compilation of lessons learned from incidents
Evidence collection

Business continuity management
e.g.
Establishing/implementation of emergency plans
Test and evaluation of emergency scenarios
Participation in business impact analysis

Compliance with legal and other requirements, security requirements and technical standards
e.g.
Knowledge of applicable relevant statutory, regulatory and contractual requirements
Conduct of compliance checks
Experience in protection of data and intellectual property rights
Conduct of IS relevant audits
Special trainings in legal requirements (e.g. cryptography)

Other aspects with regard to information security
Experience in using audit tools
Audits in IT industries

Trainings (IS specific):


Y
Y

Location/Date:

Signature of Applicant:
