Does the auditor verify technical aspects, for example the quality of a network architecture from the security point of view, or the truth of the information recorded in the risk assessment table?
Answer:
Yes, an auditor can verify technical aspects, because there are technical controls (A.13.1.1, A.13.1.2, A.13.1.3, specifically related to network security management), and of course can verify the truth of the information registered in the risk assessment table, because the auditor needs evidence about the implementation and maintenance of the ISMS and needs to verify whether your activities comply with your own documentation. This article may be interesting for you: "Infographic: The brain of an ISO auditor What to expect at a certification audit": https://advisera.com/articles/infographic-the-brain-of-an-iso-auditor-what-to-expect-at-a-certification-audit/
Jan 13, 2016