Checklist for ISO 27001
1. I have the ISO 27001 Internal Audit Toolkit English and am starting the internal audit. The checklist provided for ISO 27001 only has listed up to A.8.34. The Statement of Applicability has up to A.18.2.3. Could I have the checklist up to A.18.2.3, please?
2. Also, should the policies and procedure documents be specifically named individuals rather than job title?
1. I have the ISO 27001 Internal Audit Toolkit English and am starting the internal audit. The checklist provided for ISO 27001 only has listed up to A.8.34. The Statement of Applicability has up to A.18.2.3. Could I have the checklist up to A.18.2.3, please?
From your question, I’m assuming you want to audit an ISMS compliant with ISO 27001:2013, whose Annex A has 14 sections (from A.5 to A.18) and 114 controls (from A.5.1.1 to A.18.2.3), while your Internal Audit Toolkit is compliant with ISO 27001:2022, whose Annex A has 4 sections (from A.5 to A.8) and 93 controls (from A.5.1 to A.8.34).
To audit an ISMS compliant with ISO 27001:2013, you will need the checklist compliant with the ISO 27001:2013 version of the standard.
Considering that, we will send you a copy of the internal audit checklist for the ISO 27001:2013 version of the standard free of charge.
2. Also, should the policies and procedure documents be specifically named individuals rather than job title?
Responsibilities in policies and procedures can be defined in terms of individuals instead of a job title, but we do not recommend this approach, because every time the responsible person changes you will have to update all documents related to that person.
Aug 15, 2023