Planning internal audit
Assign topic to the user
Answer:
You do not have to audit you certified ISMS against all clauses each year. For certification purposes you only have to ensure that all ISO 27001 requirements had been audited at least once before the next certification audit. Considering that, you can audit only part of the requirements on each annual internal audit, provided that at the next certification audit all requirements had been audited at least once. It will be acceptable for surveillance audits.
The best approach would be for you to check the surveillance audits schedule to verify which requirements will be covered by the next surveillance audit, so you can focus on them.
These articles will provide you further explanation about internal and surveillance audits:
- How to prepare for an ISO 27001 internal audit https://advisera.com/27001academy/blog/2016/07/11/how-to-prepare-for-an-iso-27001-internal-audit/
- Surveillance visits vs. certification audits https://advisera.com/27001academy/knowledgebase/surveillance-visits-vs-certification-audits/
Comment as guest or Sign in
Jun 21, 2019