ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
Question 1:
Conducting individual internal audits
The following must be documented as internal audit results:
Internal Audit Report it must be sent to [job title]
possible corrective actions must be documented in the Corrective Action Form, as required by the Procedure for Corrective Action
I think, main responsibilities of auditor is looking for nonconformities, no propose corrective action, it is responsibilities of audited
Question 2:
When evaluating the effectiveness and adequacy of this document, the following criteria need to be considered:
number of corrective actions identified during the audit
number of corrective actions identified during the certification audit conducted after the internal audit
My opinion, number of corrective actions is function of professional maturity audited peoples,not process efficiency
Answer 1:
Corrective actions can be identified by the organization but also by an external auditor in an internal audit, it is very common (most of reports of the auditors include corrective actions) and there is no clause in the ISO 27001 prohibiting an auditor to identify and propose corrective actions.
Answer 2:
I agree with you, but the number of corrective actions is related to the document, not to the process of Internal Audit.
Comment as guest or Sign in
Jan 12, 2016