Audit Questions
We recently had a client undergo a pre-assessment audit for their certification. During the audit, a couple of issues were raised:
The internal audit wasn't conducted properly due to insufficient time allocated for the process and the management system.
The auditors were seeking procedural documents that directly correlate with the Annex A policies provided in your templates.
Given these challenges, I wanted to reach out and seek your guidance. Specifically:
Do you have best practices or guidance on how to ensure our internal audits are thorough and in compliance with the standards?
Are there any templates or resources available that can help us align our procedural documents with the Annex A policies you've provided? This would be incredibly helpful in ensuring our documentation meets the auditor's requirements.
Furthermore, I'm curious if you have any templates or resources specifically for ISMS procedureal documents. We want to ensure that our ISMS documentation is both comprehensive and in line with industry standards.
Assign topic to the user
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
As resources for performing internal audit, we recommend these contents:
- ISO 27001 internal audit: The complete guide
- Free online training ISO 27001:2013 Internal Auditor Course
Regarding procedural documents, the documents that you already have in the ISO 27001 Documentation Toolkit are completely adequate for the certification if you are a small or mid-sized company. Adding more documents would only create an overhead and would not contribute to your overall security.
For example, in the Toolkit you have the Backup Policy - for a smaller or mid-size company there is no need to create additional Backup Procedure, because the content of the Backup Policy is enough for describing backup activities.
However, if you want we can help you create additional documents - for that purpose the best would be to schedule a call with our expert by clicking here.
Comment as guest or Sign in
Oct 05, 2023