Guest
Is internal audit mandatory?
I have been assisting one of my clients for the last year or to implement an ISMS. We are now at the stage where an internal audit (stage 1)has to be conducted. The question that I need to ask is this: The client does not have an Internal Audit Department. Would it be possible to assist the client in doing a self-assessment instead of the stage 1 audit? Is the internal audit mandatory for final certification or would a self-assessment serve the same purpose? A tentative date for the Management Review has already been set and the client is also in the process of looking for a Certification Auditor to conduct the Stage 2 Audit.
Assign topic to the user
Expert
Dejan Kosutic
Aug 19, 2016
Answer:
"Stage 1 audit" is normally part of the certification audit, this should not be confused with the internal audit.
Internal audit is mandatory according to ISO 27001, but in fact it is rather similar to self-assessment - you have to make sure you comply with all the rules (policies, procedures and plans) you have written. You can easily train an internal auditor using this free online training: ISO 27001 Internal Auditor Course https://advisera.com/training/iso-27001-internal-auditor-course/
Comment as guest or Sign in
Aug 18, 2016
Aug 18, 2016
Aug 18, 2016