Expert Advice Community


10.3 Appendix 3 Internal Audit Checklist

Guest user Created:   Jul 22, 2021 Last commented:   Jul 22, 2021

I'm currently working on the 10.3 Appendix 3 Internal Audit Checklist, which contains not only the ISO 27001 checklist but also ISO 22301. I haven't been working with ISO 22301 at any time throughout this project. Is it best practice to audit for 22301 even though this isn't a standard we've paid any attention to? Or should I just delete it from the checklist? After all, it's just a template.

I guess I should just remove the ISO 22301 part from the document, but I just wanted to make sure that an auditor does not expect this part as well.

Expert
Rhand Leal Jul 22, 2021

In case you are implementing only ISO 27001, you can exclude the references to ISO 22301 from your internal audit checklist. A certification auditor will not look for compliance against ISO 22301 if it is not part of the certification scope.

The checklist for ISO 27001 contains all necessary information to cover requirements related to continuity of information security, in questions related to controls from section A.17.

This article will provide you with a further explanation about building a checklist:

For further information, see:
