I am advising a *** company at the moment, as well as a ‘daughter company’ in the *** on ISO 27001. Just some questions:
1 - In the ***, there is only one person actively working, but he is (of course) also shareholder. Would it be okay if he does the internal audit? In ***, we want to have the CTO as internal auditor. He doesn’t have shares, but he is part of Management. Would this be okay?
2 - What would be the cost of an online training for these internal auditors?