1 - I would like to do the ISO 27001 Internal Auditor Certification from Advisera, however, I would like to know whether the certification exam will be based on ISO 27001:2013 or ISO 27001:2022 or both.
2 - Also, we will be facing our 1st surveillance audit on June 13, 2022, my question is whether the newly added security controls will be checked by the auditor or it will be based on ISO 27001:2013 only.
Module 9 - reviewing documents off-site
I am referring to ISO 27001 Internal Auditor Course.
In module 9 (Document review at 2:20) it is said the following:
"You can perform the document review on-site meaning in the auditee or premises, or you can also do it off-site – in your own office – it really does not matter, all you are doing is reading the documentation."
Is this really correct? This documentation is or can be classified and shouldn't leave the premises? I found that statement a bit strange.