Audit checklist
For the audit checklist document, 10.3, we are just doing ISO27001, does the auditor need to complete the whole checklist? Can pieces be done over time? Can you just sample the checklist and issue a report to meet the standard?
Assign topic to the user
In case you are preparing for a certification audit, then you need to complete all items related to mandatory requirements (from sections 4 to 10) and all items related to applicable controls defined in the SoA.
You can sample the checklist when you are preparing for a surveillance audit, because, in this case, you can focus on the items that will be audited.
This article will provide you a further explanation about certification and surveillance audit:
- Surveillance visits vs. certification audits https://advisera.com/27001academy/knowledgebase/surveillance-visits-vs-certification-audits/
This material will also help you regarding audits:
- ISO 27001:2013 Internal Auditor Course https://advisera.com/training/iso-27001-internal-auditor-course/
Comment as guest or Sign in
May 15, 2020