Expert Advice Community

Audit questions

Guest user Created: Aug 12, 2019 Last commented: Aug 12, 2019

Two quick questions, if I may. I have an argument with the certifier (which in the end is always right…).

Expert
Rhand Leal Aug 12, 2019

1. Does the internal auditor have to have FORMAL training (be formally certified in some way) in order to conduct the internal audits? I found no evidence for that anywhere in clause 9.2.

Answer:

According to ISO 27001 (clause 7.2), competence can be demonstrated by means of education, training or experience. Considering that, an internal auditor does not need to have formal training if he can demonstrate his competence by other means (e.g., a degree which includes education on auditing topics, or previous experience in auditing ISO 27001 management systems).

For additional information, see:
- What to look for when hiring a security professional https://advisera.com/27001academy/blog/2016/02/15/what-to-look-for-when-hiring-a-security-professional/

2. Should the information security policy be signed by the CEO? Again, I found no evidence for that – only "Top Management".

Answer:

By top management you must consider the highest level of the organization related to the ISMS scope. If the whole organization is included in the ISMS scope, this person would be the CEO; however, if only part of the organization is included in the ISMS scope, this person may be someone else. Please note that for small and mid-sized organizations, due to their size, the most common situation is that the CEO signs the information security policy, regardless of whether the scope of the ISMS is the whole organization or not.