Internal audit checklist and report combined
What will be doing is using the checklist to carry out the iso27001 Internal audit. As you know the checklist has a section that says evidence I will write where I got the evidence who I interviewed medium etc.
What I am however doing is after each section of the checklist for eg context of the organisation
I have combined the report there for example after each major section after answering collecting the evidence I have done this.
I have basically combined the audit checklist and the report. I'll send a screenshot. Please let me know what if this fulfill requirements of audit and audit report. Programme I have already please see screenshot.
Many thanks my guess combining them is fine just double checking.
Assign topic to the user
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
Your approach of combining the Internal Audit Report and Internal Audit Checklist is not very common, but probably will be acceptable for the certification audit. However, we feel this will take too much time so it is probably better to use the Internal Audit Checklist and the Internal Audit Report separately.
Whatever approach you take, make sure that you include all elements from the Internal Audit Report.For more information, see:
- ISO 27001 internal audit: The complete guide https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/#section5
Comment as guest or Sign in
Sep 14, 2023