SPRING DISCOUNT
Get 30% off on toolkits, course exams, and Conformio yearly plans.
Limited-time offer – ends April 25, 2024
Use promo code:
SPRING30

Expert Advice Community

Guest

Audit Questions

  Quote
Guest
Guest user Created:   Oct 05, 2023 Last commented:   Oct 05, 2023

Audit Questions

We recently had a client undergo a pre-assessment audit for their certification. During the audit, a couple of issues were raised:

The internal audit wasn't conducted properly due to insufficient time allocated for the process and the management system.
The auditors were seeking procedural documents that directly correlate with the Annex A policies provided in your templates.
Given these challenges, I wanted to reach out and seek your guidance. Specifically:

Do you have best practices or guidance on how to ensure our internal audits are thorough and in compliance with the standards?
Are there any templates or resources available that can help us align our procedural documents with the Annex A policies you've provided? This would be incredibly helpful in ensuring our documentation meets the auditor's requirements.

Furthermore, I'm curious if you have any templates or resources specifically for ISMS procedureal documents. We want to ensure that our ISMS documentation is both comprehensive and in line with industry standards.

0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Oct 05, 2023

As resources for performing internal audit, we recommend these contents:

Regarding procedural documents, the documents that you already have in the ISO 27001 Documentation Toolkit are completely adequate for the certification if you are a small or mid-sized company. Adding more documents would only create an overhead and would not contribute to your overall security. 

For example, in the Toolkit you have the Backup Policy - for a smaller or mid-size company there is no need to create additional Backup Procedure, because the content of the Backup Policy is enough for describing backup activities.

However, if you want we can help you create additional documents - for that purpose the best would be to schedule a call with our expert by clicking here

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Oct 05, 2023

Oct 05, 2023

Suggested Topics

Guest user Created:   Oct 21, 2022 ISO 27001 & 22301
Replies: 1
0 0

Audit questions

Guest user Created:   Sep 01, 2022 ISO 27001 & 22301
Replies: 1
0 1

Internal Audit Questions

Guest user Created:   Sep 13, 2019 ISO 27001 & 22301
Replies: 1
0 0

Internal audit questions