Does the auditor verify technical aspects, for example the quality of a network architecture from the security point of view, or the truth of the information recorded in the risk assessment table?
Answer:
The auditor can verify technical aspects, for example the quality of a network architecture, because Annex A of ISO 27001:2013 has controls related to IT, for example A.13.1.1, A.13.1.2 and A.13.1.3, which are related to network security management. The auditor can also verify the truth of the information recorded in the risk assessment table, because the auditor needs evidence about the implementation and maintenance of your ISMS.
This article may be interesting for you: Infographic: The brain of an ISO auditor - What to expect at a certification audit: https://advisera.com/articles/infographic-the-brain-of-an-iso-auditor-what-to-expect-at-a-certification-audit/
Jan 13, 2016