Sorry for the long pause. It has been a busy week here, mostly out of the office doing things around the place - pumping water, stacking fence battens, shifting and chopping firewood, that sort of thing. Recharging my batteries really, prior to starting work on the next month's security awareness stuff. Oh and investing in a shiny new tooth.
This weekend I'm updating an ISMS audit guideline to reflect the current ISO/IEC 27001 and 27002 standards and others in the ISO27k series, plus good practices in general. With the help of some experienced auditors from the ISO27k Forum, the guideline has expanded to ~80 pages with detailed yet pragmatic checklists for auditing both the management system elements of an ISMS, and the information risks and security controls managed by it.