Internal audit
Assign topic to the user
# Type
# Scope
# Frequency
Is the documents of "10_Internal_Audit" covering this point?
Answer:
I'm assuming you are referring to ISO 27001 Annex A section A.18.2 Information security reviews. Considering that, your assumption is correct, the internal audit procedure is the document which covers the controls from this section.
The definition of scope and frequency will depend on factors such as the importance of the information system, related risks, results of previous audits, etc., but a good start to consider is to audit information systems in the ISMS scope at least once a year.
2. I´m having a problem to figured out this issue, do you have forms or a procedure to cover this point?
Answer:
To see how this internal audit document looks like, please take a look at the free demo of our ISO 27001/ISO 22301 Internal Audit Toolkit at this link: https://advisera.com/27001academy/iso-27001-22301-internal-audit-documentation-toolkit/
For further information also see:
- How to prepare for an ISO 27001 internal audit https://advisera.com/27001academy/blog/2016/07/11/how-to-prepare-for-an-iso-27001-internal-audit/
- ISO 27001:2013 Internal auditor course https://advisera.com/training/iso-27001-internal-auditor-course/
Comment as guest or Sign in
Jul 07, 2019