Auditor's opinion

Guest user, created: Apr 03, 2017, last commented: Apr 03, 2017

Hypothetically speaking, how do you think an ISO 27001 auditor would view the following situation: a firm that is very paper-dependent has, through the risk assessment process, identified risks to the papers, the impact of which could be very high, not only financially but also to its reputation. Following the risk assessment, that firm then chose to accept the risks of loss of confidentiality and availability of those documents, and not to implement a clear desk policy or provide some additional storage so that the organisation could securely lock the documents away at night.

Expert: Rhand Leal, Apr 03, 2017

How do you think that would be viewed by the auditor?

Answer: Hypothetically speaking, everything will depend on the justification for accepting the risk - if such justification does not exist, or is not plausible, this situation is a nonconformity.

These articles will provide you with further explanation about how an auditor thinks:
- Infographic: The brain of an ISO auditor – What to expect at a certification audit https://advisera.com/articles/infographic-the-brain-of-an-iso-auditor-what-to-expect-at-a-certification-audit/
- Why is residual risk so important? https://advisera.com/27001academy/knowledgebase/why-is-residual-risk-so-important/
