Is it necessary to supply the assessor with a record of the router configuration?
Hi. I have a question relating to ISO27001. Under an ISO audit, is it necessary to supply the assessor with a record of the router configuration?
Assign topic to the user
If this record of the router configuration is related to the information included in the certified ISMS scope (e.g., this router allows access to R&D servers, and R&D information is included in the ISMS scope), then it has to be audited at some point during the certification cycle (i.e., during surveillance audits), so the auditor can check if the router configuration allows access only for authorized entities, and as part of the certification process the auditor has the authorization to access this information to perform the audit.
This article may provide you further information:
- Which questions will the ISO 27001 certification auditor ask? https://advisera.com/27001academy/blog/2015/07/20/which-questions-will-the-iso-27001-certification-auditor-ask/
Comment as guest or Sign in
Sep 17, 2020