Internal Audit performed using Annex A
I'm assuming you are referring to planning specific dates to audit each control of Annex A. Considering that, there is no problem with this approach. My only suggestion to you is, if you have many controls to audit, you should consider grouping them in a way that in a single audit you can cover as many controls as possible, reducing the quantity of audits you have to perform. As criteria to group controls, you can consider controls related to the same process, or implemented in the same location or business unit you are going to audit.
This article will provide you with further explanation about internal audit:
- How to prepare for an ISO 27001 internal audit https://advisera.com/27001academy/blog/2016/07/11/how-to-prepare-for-an-iso-27001-internal-audit/
These materials will also help you regarding internal audit:
- ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
- ISO 27001:2013 Internal Auditor Course https://advisera.com/training/iso-27001-internal-auditor-course/
Nov 08, 2017