Guest
Hello Advisera,
we've hired our internal auditor from outside, and we will receive Audit Report from him.
Do we still have to write the Internal audit Procedure and program, or is it normally what the Internal auditor should provide us in this case?
Thank you!
Since the standard is licensed, how can we appropriately reference/include ISO27001 Annex A controls and clause requirements in an internal audit report to show which control/clause is not being met?
For the first internal audit of the ISMS prior to certification, what should the scope period be? the past year?
In regards to ISO27001 clause 9.2 and 9.3
An organisation is conducting annual audit of their cyber security environment as a best practice, how an ISMS internal audit varies from normal audit.
Is it typical in smaller companies (50-100 employees) that for the internal audit an external auditor is being hired? Or should you be thinking of somebody internally in the first place anyhow?