Expert Advice Community

Guest

how to reference clauses and Annex A controls in an ISO27001 internal audit report

  Quote
Guest
Emily Created:   Oct 02, 2020 Last commented:   Oct 05, 2020

how to reference clauses and Annex A controls in an ISO27001 internal audit report

Since the standard is licensed, how can we appropriately reference/include ISO27001 Annex A controls and clause requirements in an internal audit report to show which control/clause is not being met?

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Oct 05, 2020

The easiest way if for you to refer only to the standard's clauses or Annex A controls numbers, describing them in your own way (normally a negative form of the requirement/control). For example:

  • Clause 4.2 a) not met: interested parts relevant to the ISMS not determined
  • Control A.8.1,1 not met: Asset inventory outdated

This way the text is different enough to not be considered a violation of intellectual property.

For further information, see:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Oct 02, 2020

Oct 05, 2020

Suggested Topics