Guest
Audit findings
Hi Dejan , what is your view if an auditor gives me findings for not securely control employee's records. However, my ISMS scope does not cover employees record to be protected. ISMS scope is to protect information gather/process in procurement system.
Appreciate if you could give your professional view.
Assign topic to the user
Expert
Rhand Leal
Nov 23, 2021
Without specific information about the findings’ statements and the context of your organization, it is not possible to provide a more proper answer.
Even though your ISMS scope is focused on procurement system, you will still need to have employee records related to e.g. training (these are mandatory ISMS records), and you will need to protect those records as well.
Comment as guest or Sign in
Nov 23, 2021
Nov 23, 2021
Nov 23, 2021