Get 4 FREE months of Conformio to implement ISO 27001

Expert Advice Community

Guest

Annual Audit Program

  Quote
Guest
Guest user Created:   Mar 15, 2023 Last commented:   Mar 15, 2023

Annual Audit Program

Hi Dejan! I'm been watching your videos on Advisera and planning to take the exam. I was wonder under the Annual Audit Programme you said that companies can define their audit criteria? I was wondering from an external audit perspective, wouldn’t the audit compulsorily look at The standard, internal policies and procedure, legislation requirements and Interested parties requirements?

Is there room to say the audit criteria can be scoped to just the standard and not the internal policies etc?

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Mar 15, 2023

I’m assuming you are referring to a certification audit perspective.

Considering that, your assumptions are correct. The standard, internal policies and procedures, and applicable legal requirements (e.g., laws, procedures, and contracts) related to the ISMS are mandatory criteria for the internal audit.

The point about the audit criteria definition in the standard is that you can decide how to perform the audit to cover the ISMS scope (several small audits or a single one). You can use the audit criteria to set groups of elements to be audited. For example, you can decide to audit first IT processes then SW development processes, and then HR processes. Or you can decide to audit first processes related to the higher risks. Or you can perform more than one audit in areas with a history of a high quantity of incidents or non-conformities.

Additionally, you can decide to include references, like ISO 27002 or NIST Special Publications, if they were used by the organization to implement their controls.

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Mar 15, 2023

Mar 15, 2023

Suggested Topics

Guest user Created:   Mar 01, 2019 ISO 27001 & 22301
Replies: 1
0 0

Toolkit content

Guest user Created:   Feb 16, 2017 ISO 27001 & 22301
Replies: 1
0 0

Internal audit