Module 9 - reviewing documents off-site
Assign topic to the user
You are partially correct. While some documents can be classified in a way that forbids them to leave premises, you may need to make such documents available to the internal auditor when he is off-premises (e.g., during a remote audit due to pandemic) because they are related to mandatory clauses, or are paramount to evaluate a specific control. In these cases, you need to evaluate related risks and implement proper controls to decrease risks to acceptable levels (e.g., sign a specific NDA, provide only access to electronic version through a secure connection to your network, etc.)
These materials will provide you a further explanation about remote audit:
- How to perform an internal audit remotely [free webinar on demand] https://advisera.com/27001academy/webinar/remote-internal-audit-free-webinar-on-demand/
- ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
Comment as guest or Sign in
Jul 06, 2021