Auditor questions
Is there a comprehensive list, covering all aspects, so we can tick off all the boxes with our audit due in just over 4 weeks' time?
Answer:
After checking mandatory documents and records, an auditor will approach staff with questions to evaluate their understanding about implemented policies and procedures, where they can find them, and how to proceed in case an incident happens. Examples are:
“Do you have access to the internal rules of the organization in relation to information security?”
“Can you show me some of the related policies?”
“Could you tell me what are the points that you consider most important in the policy?”
These articles will provide you with further explanation about the auditor's mindset:
- List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
- Which questions will the ISO 27001 certification auditor ask? https://advisera.com/27001academy/blog/2015/07/20/which-questions-will-the-iso-27001-certification-auditor-ask/
- Infographic: The brain of an ISO auditor – What to expect at a certification audit https://advisera.com/articles/infographic-the-brain-of-an-iso-auditor-what-to-expect-at-a-certification-audit/
Feb 19, 2019