
Expert Advice Community

Guest

Internal/External auditor role

Guest user Created: May 11, 2018 Last commented: May 11, 2018

I would like to know what the role of the internal/external auditor is in the implementation and audit of the 27001 and 22301 standards, as well as the role of the person in charge of information security. Is there a document where I can see this information?


Expert
Rhand Leal May 11, 2018

The auditor role is to verify if the management system is implemented, operated, maintained and improved according to the requirements of the defined standard, as well as according to other requirements defined by the organization that are relevant to the management system. The auditor has little to no role during the management system implementation. The internal auditor performs audits on behalf of the organization that owns the management system, while the external auditor performs audits on behalf of an organization's client (second-party auditor) or a certification body (third-party auditor).

The role of the person in charge of information security is to ensure that the information security management system conforms to the requirements of the standard, and to report on the performance of the information security management system to top management. This person has an important role in the management system implementation, either as the leader of the implementation project team or as the person who will give the project's team the needed guidance for the project implementation.

These articles will provide you with further explanation about the roles of the person responsible for information security and of the auditor:
- How to become ISO 27001 Lead Auditor https://advisera.com/27001academy/knowledgebase/how-to-become-iso-27001-lead-auditor/
- Qualifications for an ISO 27001 Internal Auditor https://advisera.com/27001academy/blog/2015/03/30/qualifications-for-an-iso-27001-internal-auditor/
- What is the job of Chief Information Security Officer (CISO) in ISO 27001? https://advisera.com/27001academy/knowledgebase/what-is-the-job-of-chief-information-security-officer-ciso-in-iso-27001/

These materials will also help you regarding the roles of the person responsible for information security and of the auditor:
- Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
