I have started reading your book and it looks great. Kindly help me with the following,
I want to find out if Audit checklist is a requirement or a choice to the auditor whether to use a checklist or not.
Also do you have any idea on how to effectively manage corrective actions.
What is the difference between Nonconformity/Conformity and Noncompliance/Compliance.
Please, your response is much appreciated.
Assign topic to the user
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
1 - I want to find out if Audit checklist is a requirement or a choice to the auditor whether to use a checklist or not.
Answer: The audit checklist is not a requirement for ISO 27001, although it is a good practice, because it helps the auditor not forget to look for relevant evidences during the audit.
For further information see:
- List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
- How to make an Internal Audit checklist for ISO 27001 / ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/
- How to prepare for an ISO 27001 internal audit https://advisera.com/27001academy/blog/2016/07/11/how-to-prepare-for-an-iso-27001-internal-audit/
This material will also help you regarding internal audit:
- ISO 27001:2013 Internal Auditor Course https://advisera.com/training/iso-27001-internal-auditor-course/
2 - Also do you have any idea on how to effectively manage corrective actions.
Answer: To effectively manage a corrective action you must:
1. Review the nonconformity
2. Determine the cause of nonconformity and if similar nonconformity already exists
4. Evaluate the need for action to eliminate the nonconformity
5. Determine the actions needed to eliminate the causes of nonconformity and to ensure that nonconformities do not recur
6. Implement of planned actions
7. Review whether the action taken resulted in the elimination of causes of nonconformity
8. Inform all persons concerned that corrective action has been implemented and make changes to the ISMS, if necessary
To see how a document which describes how to handle corrective actions compliant with ISO 27001 looks like, please see the template demo at this link: https://advisera.com/27001academy/documentation/procedure-for-corrective-action/
For further information, see:
- Practical use of corrective actions for ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2013/12/09/practical-use-of-corrective-actions-for-iso-27001-and-iso-22301/
3 - What is the difference between Nonconformity/Conformity and Noncompliance/Compliance.
Answer: The basic difference is that noncompliance/compliance has legal consequences (e.g., failure to fulfill GDPR when handling EU citizens data is a noncompliance), while nonconformity/conformity is applied by voluntary choice (e.g., there is conformity when people is fulfilling the internal Access Control Policy ).
Comment as guest or Sign in
Sep 23, 2020