Expert Advice Community

Guest

Audit questions

  Quote
Guest
Guest user Created:   Oct 21, 2022 Last commented:   Oct 21, 2022

Audit questions

Can you please help me to get it clarified on below , I had asked this in one of the QnA session your webinar

One of my client is outsourced the IT and Software Development, I have to do the internal audit for this client, in scope document they have mentioned as entire organization. In that case do I have to audit the IT department
One of the client is operating on Co-working space, Physical, access, IT and Networking security is Managed by the provider, In this scenario do the client needs to have access, network, physical security polices and procedures

0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Oct 21, 2022

1. One of my client is outsourced the IT and Software Development, I have to do the internal audit for this client, in scope document they have mentioned as entire organization. In that case do I have to audit the IT department

I’m assuming that your client is outsourcing its IT and Software Development.

Considering that, in terms of the IT department you need to audit the contract/service agreement they have with the outsourcing company, to evaluate if the outsourced services are being managed by the company and fulfilled by the provider.

In case the client is providing IT and Software Development to other companies, then you need to audit the IT department.

For further information, see:

2. One of the client is operating on Co-working space, Physical, access, IT, and Networking security is Managed by the provider, In this scenario do the client needs to have access, network, physical security polices and procedures

In this scenario, the client needs to have the Access control policy because it is a mandatory document according to ISO 27001. Regarding network and physical security policies, the client can decide on its own whether these are needed or not. The fact that the client is using outsourced services has no impact on this situation.

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Oct 21, 2022

Oct 21, 2022