Expert Advice Community

27001 audits

Guest user Created:   Sep 23, 2022 Last commented:   Sep 23, 2022

How would I audit a large company that holds its ISMS processes at its head office but has 120 sub-sites that mainly only supply construction work for the company? Head office is in *** and about 60 sub-sites are in ***. My point is, as far as the ISMS is concerned, it is operated from the head office, which holds all the clients’ data.

Expert
Rhand Leal Sep 23, 2022

I’m assuming that:

  • the ISMS scope covers only the company’s head office and the sub-sites only interact with the ISMS scope (they are not part of it)
  • you are referring to an internal audit, not to a certification audit.

Considering that, when the scope is only the head office, you do not need to audit the sub-sites.

In this case, the sub-sites can be audited as part of the supplier monitoring process, which is a completely separate process.

At most, during the audit of the head office, you can ask for the audit reports from the sub-sites, to check if audits were performed and if treatment of raised non-conformities is being followed up, but you do not need to go into further detail.

This article will provide you with further explanation about auditing:

These materials will also help you regarding auditing:

  • How To Perform an Internal Audit Remotely [free webinar on demand] https://advisera.com/27001academy/webinar/remote-internal-audit-free-webinar-on-demand/
  • ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
  • How to perform an ISO 27001 second-party audit of an outsourced supplier https://advisera.com/27001academy/blog/2017/10/10/how-to-perform-an-iso-27001-second-party-audit-of-an-outsourced-supplier/
