ISO 27001 & 22301 / how to reference clauses and Annex A controls in an ISO27001 internal audit report
Since the standard is licensed, how can we appropriately reference/include ISO27001 Annex A controls and clause requirements in an internal audit report to show which control/clause is not being met?
Please select user.
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
The easiest way if for you to refer only to the standard's clauses or Annex A controls numbers, describing them in your own way (normally a negative form of the requirement/control). For example:
This way the text is different enough to not be considered a violation of intellectual property.
For further information, see:
HTML tags are not allowed