Internal audit section of ISO 27001:2022
This might come across as a silly question, but in the project checklist in the ISO toolkit, there is a section dedicated to operating and monitoring the ISMS. What actually needs to be completed under this process, just so I'm very clear and able to advise the project team?
In “Operating the ISMS” the users identified in the various security policies and procedures need to perform defined activities, generate required records, and perform corrective actions as needed as a consequence of improvements needed in the operation of the ISMS.
In “Monitoring and measuring the ISMS” the users identified in the various security policies and procedures need to collect information about the performance of processes and objectives and evaluate whether the expected results are being achieved.
The template Measurement Report, included in your toolkit in folder 12 Management review, can help you.
In terms of the project team, in both steps project team members need to be ready to support users by answering their questions and evaluating, based on users’ feedback, whether documents need adjustments.
Feb 21, 2023