Who should do the internal audits?
ISO 27001 does not prescribe who must perform the internal audit; it only requires this person to have the proper competencies for auditing and that any situations that can lead to a conflict of interest are avoided (e.g., a person should not audit his/her own work).
Considering that, organizations are free to:
- use an internal employee
- hire an external consultant
This article will provide you with a further explanation about internal audits:
- How to prepare for an ISO 27001 internal audit https://advisera.com/27001academy/blog/2016/07/11/how-to-prepare-for-an-iso-27001-internal-audit/
These materials will also help you regarding internal audit:
- ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
- Free online training ISO 27001:2013 Internal Auditor Course https://advisera.com/training/iso-27001-internal-auditor-course/
Oct 21, 2020