We currently have an external audit scheduled for our ISMS. Internal Audit currently owns the audit function of the ISMS but does not own the ISMS. Who is the lead person for the organization when the external auditors come in? Would it be the owner of the ISMS (Director of IT Security) or would it be the team that only maintains the Audit function within the ISMS?
The lead person should be the owner of the ISMS because this person has a systemic view of the system. The owner of the ISMS will act as the liaison between the external audit and the information security functions and processes of the company.
This article will provide you with further explanation about external audits:
- Which questions will the ISO 27001 certification auditor ask? https://advisera.com/27001academy/blog/2015/07/20/which-questions-will-the-iso-27001-certification-auditor-ask/
Nov 17, 2020