
Completing RTP before certification audit

Guest user Created:   May 22, 2023 Last commented:   May 22, 2023


Does all of the RTP need to be completed before certification audit?


Expert
Rhand Leal May 22, 2023

You can leave some of the activities of the Risk Treatment Plan to be completed after the certification audit under the following conditions:

  1. That you have implemented before the certification the controls that mitigate the biggest risks - in other words, you can leave for conclusion after the certification audit only activities related to less important controls.
  2. That you have specified the deadlines for the activities related to the controls that you will be implementing after the certification in your Risk Treatment Plan - of course, those deadlines must be after the certification date.
  3. That your risk owners or top management accept all the risks for which controls have not been implemented before the certification.

This means that activities related to the most important controls must have "implemented" status at the certification, while the less important controls can have the status "planned" or "partially implemented" at the moment of the certification.

This article will provide you with further explanation:
