Tag: "Product: ISO 27001 Internal Auditor Course" - Expert Advice Community

  • Risk levels and decision-makers

    About risk levels and decision-makers, could you share some insights? I got confused about who will be the decision-maker for setting the level of the risk, and based on which criteria the level was set.

  • ISO 27001 Internal Auditor Course Question

    With regard to the Q/A listed below, I cannot see the relevance of the question to the section being discussed, Module 9 "Document Review".

    Document review - quiz question

    Not sure I follow the answer (2) to this question in context of Document Review

    Q: When performing the document review you must take into account:
    1. Only the context of the organization, including its size and complexity. – Incorrect! These are not the only elements that should be considered when performing the document review.
    2. The risks and opportunities associated to the context of the organization. – Correct!
    3. The clause order of the ISO standard, so you can follow the exact sequence during the document review. – Incorrect! It is not mandatory to follow the sequence of the clauses of an ISO standard, you must follow the sequence that you believe is the most efficient and effective.
    4. All the above. – Incorrect! a) and c) are not correct statements.

    Please explain

  • ISO 27001 Internal Auditor Certification

    1 - I would like to do the ISO 27001 Internal Auditor Certification from Advisera, however, I would like to know whether the certification exam will be based on ISO 27001:2013 or ISO 27001:2022 or both.

    2 - Also, we will be facing our 1st surveillance audit on June 13, 2022, my question is whether the newly added security controls will be checked by the auditor or it will be based on ISO 27001:2013 only.

  • Module 9 - reviewing documents off-site

    I am referring to the ISO 27001 Internal Auditor Course. In module 9 (Document review at 2:20) the following is said: "You can perform the document review on-site meaning in the auditee or premises, or you can also do it off-site – in your own office – it really does not matter, all you are doing is reading the documentation." Is this really correct? This documentation is or can be classified and shouldn't leave the premises? I found that statement a bit strange.