Guest user Created: Jan 12, 2018 Last commented: Jan 12, 2018

Frequency of performing internal audit of ISMS

Could you please give some information concerning the ISO27001 requirement for frequency of performing internal audit of ISMS. Is there any clear requirement in the standard that organisation's internal audit must perform ISMS audit on annual basis?

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Jan 12, 2018

Answer: ISO 27001 is not prescriptive about a specific frequency to perform internal audits, but when defining it, the standard requires you to take in consideration the importance of the processes concerned and the results of previous audits (the more problematic or critical is the process, more frequent it should be audited, and vice versa). Additionally, if your organization is iso 27001 certified, the certification auditor will expect to see internal audit performed at least once a year, so you also should take this in consideration.

This article will provide you further explanation about planing audits:
- How to prepare for an ISO 27001 internal audit https://advisera.com/27001academy/blog/2016/07/11/how-to-prepare-for-an-iso-27001-internal-audit/

These materials will also help you regardi ng planing audits:
- ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
- ISO 27001:2013 Internal Auditor Course https://advisera.com/training/iso-27001-internal-auditor-course/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Jan 12, 2018

Expert Advice Community