In regards to ISO27001 clause 9.2 and 9.3
An organisation is conducting an annual audit of its cyber security environment as a best practice; how does an ISMS internal audit differ from a normal audit?
The main difference between a cybersecurity audit and an ISMS audit is that an ISMS audit covers the management requirements of the ISMS standard (the clauses in sections 4 to 10), and the applicable controls from Annex A, which may include controls not normally considered part of cybersecurity, such as information classification, protection of intellectual property, physical access, etc.
These articles will provide you with further explanation about cybersecurity and audit:
- What is cybersecurity and how can ISO 27001 help? https://advisera.com/27001academy/blog/2011/10/25/what-is-cybersecurity-and-how-can-iso-27001-help/
- How to prepare for an ISO 27001 internal audit https://advisera.com/27001academy/blog/2016/07/11/how-to-prepare-for-an-iso-27001-internal-audit/
These materials will also help you regarding audit:
- ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
- Free online training ISO 27001:2013 Internal Auditor Course https://advisera.com/training/iso-27001-internal-auditor-course/
Jun 04, 2020