Expert Advice Community

Guest

Conformio expert question

  Quote
Guest
Guest user Created:   May 09, 2022 Last commented:   May 09, 2022

Conformio expert question

1. How to handle legal and contractual requirements and what clauses require this in the standard? 2. Is it required that the person who is doing the Audit needs to have training in Internal Auditing and ISO 27001?

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal May 09, 2022

1. How to handle legal and contractual requirements and what clauses require this in the standard?

Legal and contractual requirements are handled through the Register of Requirements module. In the Wizard tab on the screen's left side, you will find A Help & Support tab where you can access help videos that will explain how to use this module.

Legal and contractual requirements are related to standard clause 4.2 Understanding the needs and expectations of interested parties, and Annex A control A.18.1.1 Identification of applicable legislation and contractual requirements.

2. Is it required that the person who is doing the Audit needs to have training in Internal Auditing and ISO 27001?

The standard requires that a person performing work that can impact information security has proper competence, by means of experience, training, or education.

Considering that, in case this person already has previous experience on ISO 27001 and ISO 27001 internal audits (e.g., this person has already performed internal audits before), he does not necessarily need to have formal training.

For further information, see:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

May 09, 2022

May 09, 2022