Answer:
If this service provider is included in the certified ISMS scope then it has to be audited at some point during the certification cycle (i.e., during surveillance audits), and as part of the certification process the auditor has authorization to perform the audit.
This article may provide you with further information:
- Which questions will the ISO 27001 certification auditor ask? https://advisera.com/27001academy/blog/2015/07/20/which-questions-will-the-iso-27001-certification-auditor-ask/
We've received an additional question:
> Just to mention the team is not part of the scope as reply to the answer.
Answer: In this case the auditor has no previous authorization to audit this provider. He must justify his intention, and the organization can decide whether or not to authorize the audit at its own discretion, but his most probable action is to check how you are managing the relationship with this service provider, i.e., how you can assure that this service provider is fulfilling your security requirements.
This article can provide you with further information:
- How to perform an ISO 27001 second-party audit of an outsourced supplier https://advisera.com/27001academy/blog/2017/10/10/how-to-perform-an-iso-27001-second-party-audit-of-an-outsourced-supplier/
Mar 07, 2019