Guest user Created: Aug 19, 2016 Last commented: Aug 19, 2016

Is internal audit mandatory?

I have been assisting one of my clients for the last year or to implement an ISMS. We are now at the stage where an internal audit (stage 1)has to be conducted. The question that I need to ask is this: The client does not have an Internal Audit Department. Would it be possible to assist the client in doing a self-assessment instead of the stage 1 audit? Is the internal audit mandatory for final certification or would a self-assessment serve the same purpose? A tentative date for the Management Review has already been set and the client is also in the process of looking for a Certification Auditor to conduct the Stage 2 Audit.

0 0

Assign topic to the user

Select user

Expert

Dejan Kosutic Aug 19, 2016

Answer:

"Stage 1 audit" is normally part of the certification audit, this should not be confused with the internal audit.

Internal audit is mandatory according to ISO 27001, but in fact it is rather similar to self-assessment - you have to make sure you comply with all the rules (policies, procedures and plans) you have written. You can easily train an internal auditor using this free online training: ISO 27001 Internal Auditor Course https://advisera.com/training/iso-27001-internal-auditor-course/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Aug 18, 2016

Expert Advice Community