Audit Checklist
I am currently reading through the Audit Checklist of your ISO27001 package.
I am confused by the mixing of Business Continuity and IS Tasks.
While there are many BC Questions that are irrelevant for my purposes, I am missing the entire section 8 of ISO27001.
Also when adapting the BC Tasks for IS, I later find that comparable questions are stated in later sections.
Can you perhaps provide an updated Checklist with better focus on ISO27001?
First of all, sorry for this confusion.
Please note that the Internal Audit Checklist included in the toolkit is divided into two sections - the first one for ISO 27001 and the second one for ISO 22301. To audit an ISO 27001 ISMS, you only need the questions in section one (they cover all needed questions to evaluate compliance with ISO 27001 mandatory clauses and applicable controls). There is no need to use or adapt questions related to ISO 22301.
Regarding questions for section 8 of ISO27001, they are the same as those applied to clauses 6.1.2 and 6.1.3 (the identification of clauses 8.2 and 8.3 is included with clauses 6.1.2 and 6.1.3 in the “Clause” column). You can find these questions on page one of the checklist.
Oct 15, 2021