Release of ISO 27007:2020 Guidelines for ISMS Auditing

In an age of increasing data usage and the risk of information security breaches and cyber-attacks, the benefits of an ISMS certification based on ISO 27001 are well recognized. It helps to minimize the chance of such breaches occurring by systematic management of associated risks.

ISO/IEC 27007, Information technology – Security techniques – Guidelines for information security management systems auditing, provides guidelines for effective audits of an ISMS, so that the ISMS is as robust and competent as it is intended to be. It has been revised to ensure it remains fit for purpose and to align it with updates to its complementary standard, ISO 19011, Guidelines for auditing management systems.


This document is applicable to those needing to understand or conduct internal or external audits of an ISMS or to manage an ISMS audit programme. The standard provides extensive guidance on auditing the requirements stated in ISO/IEC 27001 as well as on the competence of ISMS auditors. It is also intended to be used in conjunction with ISO 19011.

ISO/IEC 27007:2020 was developed by joint technical committee ISO/IEC JTC 1, Information technology, subcommittee SC 27, Information security, cybersecurity and privacy protection, the secretariat of which is held by DIN (Deutsches Institut für Normung e.V., or German Institute for Standardization in English), ISO’s member for Germany. DIN is one of the primary shareholders of DQS.

ISO/IEC 27007:2020 cancels and replaces the second edition (ISO/IEC 27007:2017). The main changes to the new version are as follows:

  • the document has been aligned with ISO 19011:2018;
  • the Introduction has been reworded and expanded;
  • in 5.1, the entire text has been removed;
  • in 5.2.2, the former item d) has been removed;
  • in 5.3, the entire text has been removed;
  • in, the former item b) and a paragraph below has been removed;
  • in, the first paragraph has been removed and the NOTE reworded.


Support from DQS

DQS provides:
a) ISO 27001:2013 certification to all kinds of organizations, or parts of organizations, that handle sensitive information, and
b) non-certification audits against the above standard.

To develop personal skills, DQS Academy provides:
a) information security management courses certified by PECB, such as ISO 27001 Lead Auditor, Penetration Test Professional, and Data Protection Officer, for persons working in the information security management field, and
b) internal auditor training courses delivered by DQS HK for standards such as ISO 27001, for persons responsible for an ISMS.

It is never too late to prepare for business sustainability.


Ref Source: ISO website.

Published April 15th, 2020 (last updated 2020-05-12) | Categories: ISMS, ISO 27001, IT
