Expert Advice Community

Guest

Audit

  Quote
Guest
Guest user Created:   Jan 08, 2021 Last commented:   Jan 08, 2021

Audit

Agradeceré puedan resolver mi siguiente consulta.


Desde hace algunos meses compré el Paquete Premium de ustedes y he venido haciendo la preparación para que una empresa pueda certificarse en ISO 27001.

Mi pregunta es: Hasta qué punto debo llegar para que la empresa Certificadora haga su auditoría ? Deben considerar que he cumplido todos los pasos exigibles y obligatorios por ISO 27001, habiendo llegado hasta al “Plan de concienciación y capacitación”. Solamente me está faltando los puntos de “Auditoría Interna”, “Revisión por la dirección” y “Acciones correctivas”…. Mi pregunta es, si estos 3 últimos pasos debo realizarlos obligatoriamente antes de pasar la Auditoría de Certificación.

Debo resaltar que, en mi calidad de Consultor de la implementación de ISO 27001, no podría hacer una Auditoría Interna, debido a que no debo ser “juez y parte”.

Que es lo que debo hacer o que me recomiendan ?

0 0

Assign topic to the user

Assign

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Jan 08, 2021

I will be grateful if you can solve my next query.

For some months I bought the Premium Package from you and I have been preparing for a company to be certified in ISO 27001.

My question is: To what extent should I go so that the Certifying company does its audit? They must consider that I have completed all the steps required and mandatory by ISO 27001, having reached the "Awareness and training plan". I am only missing the points of "Internal Audit", "Review by management" and "Corrective actions" .... My question is, if these last 3 steps must be carried out before passing the Certification Audit.

I must emphasize that, in my capacity as Consultant for the implementation of ISO 27001, I could not do an Internal Audit, because I should not be "judge and party".

What should I do or what do you recommend?

To go for certification, an organization must have evidence of the fulfillment of all requirements of the standard, as well as of the operation of all implemented controls.

Considering that, the certifying company must perform an internal audit, management review, and treat corrective actions, before going for the certification audit.

As for performing an internal audit, you still have some options: you can train organization employees to perform an internal audit (taking care they do not audit their own work), or the organization can hire an external auditor for performing this internal audit. 

These articles will provide you a further explanation about certification:

These materials will also help you regarding certification:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 08, 2021

Jan 08, 2021