Expert Advice Community
Auditing ISO 27001 and ISO 27018

Guest user. Created: Apr 04, 2018. Last commented: Apr 04, 2018

I work for a small company in Serbia. We are currently implementing an ISMS based on ISO 27001 and are also on our way to becoming GDPR ready.

Expert
Rhand Leal Apr 04, 2018

Last December our ISO 27001 documentation was audited and approved, and now we have planned a type two audit (implementation phase) for November, but we want to go a bit further and also get an audit against ISO 27018 and scope in the requirements of the GDPR.

My questions are:
1 - Is it possible to audit both ISO 27001 and ISO 27018?

Answer: ISO 27018 is a supporting standard to ISO 27001, providing detailed guidance and recommendations on the implementation of ISO 27001 Annex A controls with privacy in cloud environments in mind, so it is perfectly possible to perform an audit using these two standards as references.

This article will give you further explanation about ISO 27001 and ISO 27018:
- ISO 27001 vs. ISO 27018 – Standard for protecting privacy in the cloud https://advisera.com/27001academy/blog/2015/11/16/iso-27001-vs-iso-27018-standard-for-protecting-privacy-in-the-cloud/

2 - Is it possible to audit only the 11 extra controls of ISO 27018, since the controls of ISO 27001/27002 already apply? How would you recommend doing it?

Answer: You can reduce your audit scope to cover only the ISO 27018 extra controls and those ISO 27001 controls for which ISO 27018 provides specific recommendations, with no problem.

To support this activity, I suggest you take a look at the free demo of our Internal Audit Checklist for ISO 27001 & ISO 27017 & ISO 27018 at this link: https://advisera.com/27001academy/documentation/internal-audit-checklist/

It provides a list of questions to help you perform an internal audit against ISO 27001 while also considering ISO 27018. For each clause or control from the standard, the checklist provides one or more questions which should be asked during the audit in order to verify the implementation.

This article will give you further explanation about internal audits:
- How to make an Internal Audit checklist for ISO 27001 / ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/

These materials will also help you regarding internal audits:
- ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
- ISO 27001:2013 Internal Auditor course https://advisera.com/training/iso-27001-internal-auditor-course/
