Selection of internal auditors
Our institution is in the process of implementing NTP-ISO/IEC 27001:2014 (the Peruvian Technical Standard that adopted ISO 27001:2013).
We have an implementation committee (which leads the implementation) and we are in the verification phase of the implemented controls.
My question is whether the internal audits should be carried out by us or by external staff specialized in the subject.
Answer: According to ISO 27001, clause 9.2 e), to select internal auditors you only have to ensure the objectivity and impartiality of the audit process, and to do this you can use either external staff or the organization's staff who are not directly involved in the process being audited (an auditor should not audit his own work).
These articles will provide you further explanation about Selection of internal auditors:
- How to prepare for an ISO 27001 internal audit https://advisera.com/27001academy/blog/2016/07/11/how-to-prepare-for-an-iso-27001-internal-audit/
- Qualifications for an ISO 27001 Internal Auditor https://advisera.com/27001academy/blog/2015/03/30/qualifications-for-an-iso-27001-internal-auditor/
- Dilemmas with ISO 27001 & BS 25999-2 internal auditors https://advisera.com/27001academy/blog/2010/03/22/dilemmas-with-iso-27001-bs-25999-2-internal-auditors/
These materials will also help you regarding Selection of internal auditors:
- ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Aug 24, 2017