Expert Advice Community


Internal audit scope

Guest user Created: Feb 08, 2018 Last commented: Feb 08, 2018

I am putting together a proposal for carrying out internal audits for a client to ISO 27001 standards. During an internal audit, what areas should be covered, broadly speaking?


Expert
Rhand Leal Feb 08, 2018

Answer: Broadly speaking, you should consider the areas responsible for the ISO 27001 main requirements (e.g., document control, risk assessment, management review, corrective actions, etc.), and the areas where the applicable controls stated in the SoA are implemented. If you plan a single audit, all the controls stated in the SoA should be audited. If you are planning multiple audits, then you can audit part of the controls stated in the SoA on each internal audit, but you have to ensure that all controls are covered by your planned audits.

This article will provide you with further explanation about internal audits:
- How to prepare for an ISO 27001 internal audit https://advisera.com/27001academy/blog/2016/07/11/how-to-prepare-for-an-iso-27001-internal-audit/

These materials will also help you regarding internal audit:
- ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
- ISO 27001:2013 Internal Auditor Course https://advisera.com/training/iso-27001-internal-auditor-course/
