Hello Advisera,
we've hired our internal auditor from outside, and we will receive Audit Report from him.
Do we still have to write the Internal audit Procedure and program, or is it normally what the Internal auditor should provide us in this case?
Thank you!
Assign topic to the user
Please note that ISO 27001 does not require the internal audit procedure to be documented, but it requires the internal auditor program and audit results to be documented, so your hired internal auditor needs to provide at least the internal auditor program and the Audit report.
This article will provide you a further explanation about mandatory documents:
- List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
This material will also help you regarding internal audit:
- ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
- ISO 27001:2013 Internal Auditor Course https://advisera.com/training/iso-27001-internal-auditor-course/
Comment as guest or Sign in
Mar 31, 2021