Guest user Created: Oct 05, 2017 Last commented: Oct 05, 2017

Internal audit client

We, Internal audit will be performing an ISMS audit based on the IT department request who should we report to in terms of our findings ? is it the IT department or the AC as per the norm?

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Oct 05, 2017

Answer: Since you are performing an internal audit, you should report to the person that requested the internal audit, i.e., the head of the IT department. There is no need to report to the certification body at the moment of the audit realization (but you should note that during regular certification audits an auditor can ask for information about this particular internal audit)

This article will provide you further explanation about internal audit:
- How to prepare for an ISO 27001 internal audit https://advisera.com/27001academy/blog/2016/07/11/how-to-prepare-for-an-iso-27001-internal-audit/

These materials will also help you regarding internal audit:
- ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plai n-english-guide/
- ISO 27001:2013 Internal Auditor Course https://advisera.com/training/iso-27001-internal-auditor-course/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Oct 05, 2017

Expert Advice Community