Expert Advice Community

Independent review

Guest user. Created: Aug 31, 2019. Last commented: Aug 31, 2019

Can this requirement for 'Independent Review' be satisfied internally? That is, review of the ISMS policies and procedures by an in-house team that is not directly attached to the ISO 27001 effort?

Can this requirement be satisfied through the ISO 27001 Certification process, citing the 2 minor audits between major certification as our Independent Review?

Otherwise, what is the best course of action to meet this requirement, and could we gain and keep certification without using this control?

Expert
Rhand Leal Aug 31, 2019
Can this requirement for 'Independent Review' be satisfied internally? That is, review of the ISMS policies and procedures by an in-house team that is not directly attached to the ISO 27001 effort?


Answer: Your understanding is correct. The ISMS review by anyone with proper competence (i.e., knowledge, education or experience on ISO 27001 requirements) that is not related to the ISMS scope, or does not review his/her own work, is a way to fulfill this requirement.

Can this requirement be satisfied through the ISO 27001 Certification process, citing the 2 minor audits between major certification as our Independent Review?


Answer: Your assumption is correct; it is possible to achieve compliance with A.18.2.1 by means of certification / surveillance audit.

Otherwise, what is the best course of action to meet this requirement, and could we gain and keep certification without using this control?


Answer: The certification / surveillance audit is the best course of action because internal audits are mandatory.

This article will provide you with further explanation about internal audit:
- How to prepare for an ISO 27001 internal audit https://advisera.com/27001academy/blog/2016/07/11/how-to-prepare-for-an-iso-27001-internal-audit/

For further information about internal audit, please see:
- ISO 27001:2013 Internal auditor course https://training.advisera.com/se/iso-14001-internal-auditor-course/o-27001-internal-auditor-course/