| Category |
Assignment |
Subject |
Management |
| University |
Sheffield Hallam University |
Module Title |
55-703841 Standard Based Security Audit |
| Assessment Title |
001 Report - Submission Point
|
| Level |
7 |
| Academic year |
2025 |
55-703841 Module Learning Outcomes
- LO1 Identify, describe and evaluate key areas of the ISO 27001, ISO 27002 and ISO 19011 standards
- LO2 Auditing to required standards
- LO3 Interview techniques
- LO4 To understand the processes of a lead auditor
Assessment Brief of 55-703841
Refer to the case study in this document. Your team have been tasked by Julie Girdham to create an ISMS to prevent the current or future breaches in the case study. The report must include the following sub-tasks.
| Sub-task |
Marking Criteria |
Comment |
Total weight |
|
1
|
Audit Interview Questions
|
- Develop a list of 10 audit interview questions to audit the incident management process from the case study on the blackboard.
- Consider your audiences from all strategic, tactical, and operational levels.
- Map relevant ISO/IEC 27001:2022 Clauses / Annex A Controls.
|
20% |
|
2
|
Non- Non-Conformity Reports |
- Concerning the case study on the Blackboard, identify any 3 areas of concern.
- For each of the 3 chosen areas, you must.
- Write either a non-conformity report or observation, in the format required by the exam.
- You must state which clauses/annexe A controls you’re referencing, or you will be given zero marks
|
30% |
|
3
|
Junior Auditor Guidebook |
- You are a lead auditor and have been asked to write a simple guidebook for a new junior member of staff, Alice, as she is about to embark on her first ever audit.
- Start by outlining the purpose of an ISO27001 audit and its stages.
|
40% |
|
Sub-
task
|
Marking
Criteria
|
Comment |
Total
weight
|
|
|
|
- Describe and evaluate a stage 1 audit. What is its purpose? Describe and evaluate all relevant areas, activities, and outputs.
- Create a list and provide the importance of all mandatory documents from ISO/IEC 27001.
- Create a stage 2 audit plan for the case study organisation and explain why you need it – a table format is most suited.
- Describe and evaluate a stage 2 audit. What is its purpose? Describe and evaluate all relevant areas, activities, and outputs.
- Explain what is meant by objective evidence and why it is important. Give 5 examples from the case study.
- Focus on, as a minimum, the required competencies, checklists, the opening and closing meetings.
- Reference the ISO 27001, ISO 19011, and ISO 17021 wherever applicable in this booklet.
- Flow diagrams are advisable for any process demonstration.
Note: This should be in form of a guidebook that anyone can follow without prior knowledge in auditing or ISMS. The secret lies in the simplicity and comprehensiveness of this document.
|
|
|
4
|
Formatting, Referencing and continual evaluation |
- Assessment must be uploaded to the official submission point & Turnitin point only in Word format (.docx).
- Font must be in Calibri Body and size 11, with 1 line spacing.
- The document must be named as StudentID_StudentName_SBSAAA_SBSAAA_SBSAAA_ SBSAAA 2025 (Student ID replaced by your student ID, and StudentName replaced by your First Name).
- The referencing/bibliography must be in line with SHU guidance, and the work submitted is your own and not plagiarised. Turnitin score must be within the acceptable range.
- Proofread your work to check your spelling and grammar.
- Keep to the word count.
- Continual contribution to class activities and group discussions.
|
10% |
