Is it typical in smaller companies (50-100 employees) for an external auditor to be hired for the internal audit? Or should you be thinking of somebody internally in the first place anyhow?
ISO 27001 does not prescribe who the internal auditor should be, so both approaches for choosing the internal auditor are acceptable.
You can train your employees to gain competence in ISO 27001 internal auditing so they can perform this job. If this person works in the department that needs to be audited, then to avoid a conflict of interest you can train a second auditor who will audit only the department where the first auditor performs his/her regular job.
This article will provide you with further explanation about performing an internal audit:
- How to prepare for an ISO 27001 internal audit https://advisera.com/27001academy/blog/2016/07/11/how-to-prepare-for-an-iso-27001-internal-audit/
These materials will also help you with performing an internal audit:
- Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/
- ISO 27001 Internal Auditor Course https://advisera.com/training/iso-27001-internal-auditor-course/
Apr 24, 2020