Auditing ISO 27001 and ISO 27018
Last December our 27001 documentation was audited and approved, and now we have planned a type two audit (implementation phase) for November, but we want to go a bit further and also get an audit against ISO 27018 and scope the requirements of the GDPR Regulation.
My questions are:
1 - Is it possible to audit both ISO 27001 and 27018?
Answer: ISO 27018 is a supporting standard to ISO 27001, providing detailed guidance and recommendations on the implementation of ISO 27001 Annex A controls, considering privacy in cloud environments, so it is perfectly possible to perform an audit considering these two standards as references.
This article will provide you further explanation about ISO 27001 and ISO 27018:
- ISO 27001 vs. ISO 27018 – Standard for protecting privacy in the cloud https://advisera.com/27001academy/blog/2015/11/16/iso-27001-vs-iso-27018-standard-for-protecting-privacy-in-the-cloud/
2 - Is it possible to audit only the 11 extra controls of ISO 27018, as the controls of ISO 27001/27002 already apply? How would you recommend doing it?
Answer: You can reduce your audit scope to cover only the ISO 27018 extra controls and the other ISO 27001 controls for which ISO 27018 provides specific recommendations, with no problem.
To support this activity, I suggest you take a look at the free demo of our Internal Audit Checklist for ISO 27001 & ISO 27017 & ISO 27018 at this link: https://advisera.com/27001academy/documentation/internal-audit-checklist/
It provides a list of questions to help perform an internal audit against ISO 27001, also considering ISO 27018. For each clause or control from the standard, the checklist provides one or more questions which should be asked during the audit in order to verify the implementation.
This article will provide you further explanation about internal audits:
- How to make an Internal Audit checklist for ISO 27001 / ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/
These materials will also help you regarding internal audits:
- ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
- ISO 27001:2013 Internal Auditor course https://advisera.com/training/iso-27001-internal-auditor-course/
Apr 04, 2018