Internal Audit after the ISMS release
I'd say something between 30 and 90 days after the ISMS has been in regular operation, you will have enough evidence and records produced to consider performing the internal audit.
For a more precise answer you have to consider the duration cycle of the processes in the ISMS scope. For example, for a software development process that works with agile methodologies (e.g., SCRUM), in a period of one month you already run approximately 4 cycles (sprints), while for a payroll process in the same period you may have one or two cycles. Some other processes, like equipment maintenance or systems maintenance, may have longer cycles, so you have to consider these when planning your internal audit.
This article will provide you further explanation about internal audit:
- How to prepare for an ISO 27001 internal audit https://advisera.com/27001academy/blog/2016/07/11/how-to-prepare-for-an-iso-27001-internal-audit/
These materials will also help you regarding internal audit:
- ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
- ISO 27001:2013 Internal Auditor Course https://advisera.com/training/iso-27001-internal-auditor-course/
Oct 02, 2017