This handbook is intended to help small and medium-sized businesses establish, implement, maintain and continually improve an information security management system in accordance with the requirements of the international standard ISO/IEC 27001.
At the same time, this handbook is also intended to provide information to auditors who must investigate whether an information security management system meets all requirements and has been effectively implemented.
This handbook assumes that you ultimately want your information security management system to be certified by an accredited certification body. In this book, you will find detailed explanations, more than a hundred examples, and sixty-one common pitfalls. This book also contains information about the rules of the game and the course of a certification audit.
Cees van der Wens (1965) studied Industrial Automation in the Netherlands. In his role as Lead Auditor, the author has carried out dozens of ISO/IEC 27001 certification audits at a wide range of organizations. As a consultant, he has helped as many organizations with obtaining the ISO/IEC 27001 certificate.