Audit procedure and information logging

Answer: For an audit procedure, I suggest you to take a look at the free demo of our Internal Audit Procedure at this link: https://advisera.com/27001academy/documentation/internal-audit-procedure/

If I understood correctly, you want to know what should be logged by systems to be used as evidence in an audit. "Audit logging" is not a term used by the standard and may lead to misunderstandings.

Considering you are referring to what should be logged, you should look for legal and contractual requirements you must fulfil and the results of risk assessment (unacceptable risks ca provide you information about what should be logged). For IT systems, the most common logs are related to date, time, IP address (both from origin and destination), user (both common users and administrators), action performed (e.g., login attempts, modifications on configurati ons, etc.) and results (success or failure).

These materials will also help you regarding audits:
- ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
- How to make an Internal Audit checklist for ISO 27001 / ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/