SPRING DISCOUNT
Get 30% off on toolkits, course exams, and books.
Limited-time offer – ends May 26, 2022
Use promo code:
SPRING30

Expert Advice Community

Guest

Doubts about lead auditors in 27001

  Quote
Guest
Guest user Created:   Jan 27, 2022 Last commented:   Jan 27, 2022

Doubts about lead auditors in 27001

I have been on several ISO 22301 and 27001 webinars and I have doubts that if you could not answer me 1) In which cases, an auditor can decide whether to waive an audit in a company. 2) In case of detecting illegal software in an audit which is the procedure for which an auditor has to go, who is required to communicate how to proceed.
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Jan 27, 2022

1) In which cases, an auditor can decide whether to waive an audit in a company.

Answer: Considering certification/surveillance audits, these cannot be waived, because not performing a certification/surveillance audit will impact the certificate issuance.

In the case of internal audits, these can be waived considering the results of previous audits, provided that all ISMS scope is audited before a certification/surveillance audit.

For example, if you have a process audit twice a year, due to the results of previous audits (that were good), you can decide to waive one audit and perform audits only once a year.

2) In case of detecting illegal software in an audit which is the procedure for which an auditor has to go, who is required to communicate how to proceed.

Answer: This is a situation to be treated very politely.

The recommended approach is to state that it was not possible to evidence the proper management of intellectual property rights of software *** (you should NEVER state that software is illegal, remember that your findings are based on the evidence you have found, or not found).

Regarding who to communicate with, you need to communicate with the audit customer during the briefings at the end of each audit day, and that the nonconformity will be also formally communicated in the Audit report.

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 27, 2022

Jan 27, 2022