Answer:
The purpose of internal audit is to independently check out whether the Information Security Management System (ISMS) is working properly, so for the certification audit you have to audit all requirements from the main section of the standard (from sections 4 to 10), and the implemented controls listed on the Statement of Applicability.
After the certification audit, it is best if the internal audit covers the whole ISMS each year; however, you can decide to plan the internal audit in a 3-year cycle so as to cover the whole ISMS in that period (the period between certification and recertification audits).
This article will provide you with further explanation about internal audit:
- Becoming ISO 27001 certified – How to prepare for certification audit https://advisera.com/27001academy/iso-27001-certification/
These materials will also help you regarding internal audit:
- ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
- ISO 27001:2013 Internal Auditor Course https://advisera.com/training/iso-27001-internal-auditor-course/
Apr 10, 2019