Guest user Created: Jul 22, 2021 Last commented: Jul 22, 2021

10.3 Appendix 3 Internal Audit Checklist

I'm currently working on the 10.3 Appendix 3 Internal Audit Checklist which contains both ISO 27001 checklist but also ISO 22301. I haven't been working with ISO 22301 at any time throughout this project. Is it best practice to audit for 22301 even though this isn't a standard we've paid any attention to? Or should I just delete from the checklist? Afterall it's just a template. I guess I should just remove the ISO 22301 part from the document, but I just wanted to make sure that an auditor does not expect this part as well.

0 1

Assign topic to the user

Select user

Expert

Rhand Leal Jul 22, 2021

In case you are implementing only ISO 27001, you can exclude the references to ISO 22301 from your internal audit checklist. A certification auditor will not look for compliance against ISO 22301 if it is not part of the certification scope.

The checklist for ISO 27001 contains all necessary information to cover requirements related to cover continuity of information security in questions related to controls from section A.17.

This article will provide you a further explanation about building a checklist:

How to make an Internal Audit checklist for ISO 27001 / ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/

For further information, see:

Free online training ISO 27001:2013 Internal Auditor Course https://advisera.com/training/iso-27001-internal-auditor-course/

Quote

0 1

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Jul 22, 2021

Expert Advice Community