ISO 27001 is a globally recognized standard for establishing, implementing, maintaining, and continually improving an information security management system (ISMS). Implementing it well can bring substantial benefits, such as systematically managing information security risk, building trust with customers, and helping to meet regulatory requirements.
However, the implementation process is often challenging, and avoidable mistakes can stall an organization's progress or cause the certification effort to fail outright. Here, we'll explore common mistakes made during ISO 27001 implementation and provide practical strategies for avoiding them.
…
Comments
Common Mistakes in ISO 27001 Implementation And how to avoid the
Appreciated the overview on “Common Mistakes in ISO 27001 Implementation”.
However, ISO/IEC 27003 is the reference for ISMS “Implementation Guidance”. Some other observations of the Common Mistakes in the story:
1. The “Normative reference” for ISO/IEC 27001 is ISO/IEC 27000 and was not mentioned.
2. “Engage trained internal auditors who are familiar with the standard and understand the business context” – the sequence is back to front as per ISO 27011 Internal Audit 9.2.a. It's “(1) conforms to the org'n's own requirements for its ISMS and then (2) the requirements of this IS”.
3. For Auditing, there was no mention of ISO 19011 Guidelines
4. Those requirements are to be as Clause 5.1.c states – “integration of the ISMS reqt’s into the organization’s processes” – but never directly mentioned
5. “Continuous improvement not only helps in maintaining compliance but also …” – ISO 27001 and all MS Standards – Requirements, are NEVER for “Compliance” – it is Conformance or Conformity.
6. Secondly, it's only “Continual”, not “Continuous”.
7. “An effective ISMS requires input and cooperation from various stakeholders across the organization” – although Stakeholders can be used, the Standard says Interested parties and
8. The 2024 Climate Change Amendments, for the added 4.1 Requirement and NOTE in 4.2, were never mentioned. The ISMS does not say “KPIs”.