Guest user Created: Oct 25, 2017 Last commented: Oct 25, 2017

Auditing single departments

I have 1 questions about the Scope of the ISMS: If I have a large enterprise, with 5000 employees, various systems, software and departments. Would I be able to audit just one department even if we are using the same network, servers and physical location?

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Oct 25, 2017

Answer: Yes, you can limit your audit just to one department. Regarding the fact that this department uses the same network, servers and physical location, you should look for if these elements comply with the requirements defined for the department you are auditing (if different departments have different levels of security requirements, the organization should consider segregate them in groups with similar requirements).

These articles will provide you further explanation about performing audits:
- How to prepare for an ISO 27001 internal audit https://advisera.com/27001academy/blog/2016/07/11/how-to-prepare-for-an-iso-27001-internal-audit/
- How to make an Internal Audit checklist for ISO 27001 / ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/

These materials will also help you regarding audits:
- ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
- ISO 27001:2013 Internal Auditor Course https://advisera.com/training/iso-27001-internal-auditor-course/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Oct 25, 2017

Expert Advice Community