Internal audit

Do you have an anonymised example for the annual internal audit program? Am looking to see how much information is needed.

In the video tutorials that came with your toolkit, you can see examples of how to fill out all the internal audit program.

Also when considering who performs the internal audits – do they have to be certified to do so?

ISO 27001 requires competences related to information security to be ensured based on education, training, or experience, so it is not mandatory for those who performs internal audit to be certified if you can provide other means to ensure competence. For example, the person has a previous experience of 5 years auditing ISO 9001 and has experience in ISO 27001 implementation projects, or in his educational background he attended a course in the faculty related to audit concepts.

This article will provide you further explanation about internal audits:
- Qualifications for an ISO 27001 Internal Auditor https://advisera.com/27001academy/blog/2015/03/30/qualifications-for-an-iso-2 7001-internal-auditor/

These materials will also help you regarding internal audits:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
- ISO 27001:2013 Internal Auditor Course https://advisera.com/training/iso-27001-internal-auditor-course/