Expert Advice Community


Internal Audits

Guest
aduffield Created: Jul 25, 2019 Last commented: Jul 26, 2019


Hi, I am looking at carrying out some internal audits of our main business processes. Am I, as the InfoSec Manager, able to carry out the audits myself, or does it need to be an independent auditor, i.e. the production manager audits the sales process or the sales manager audits the account management process, etc.? Thanks

Expert
Rhand Leal Jul 26, 2019
The InfoSec manager is involved in most of the activities related to the implementation/operation of ISO 27001, and since one requirement for an auditor is impartiality (an auditor cannot audit his own work), this person will not be able to perform the auditor role.

The best course of action would be to train an employee to perform the internal auditor role or hire an external auditor.

These articles will provide you with further explanation about performing audits:
- How to prepare for an ISO 27001 internal audit https://advisera.com/27001academy/blog/2016/07/11/how-to-prepare-for-an-iso-27001-internal-audit/
- Qualifications for an ISO 27001 Internal Auditor https://advisera.com/27001academy/blog/2015/03/30/qualifications-for-an-iso-27001-internal-auditor/
Guest
aduffield Aug 07, 2019
Ok, thanks Rhand.