
Expert Advice Community


ISMS audit

Guest user Created:   Feb 02, 2023 Last commented:   Feb 02, 2023


How do I perform an ISMS audit with efficient suggestions to the consultant and client to ease the gap on the risk and controls in the standard?


Expert
Rhand Leal Feb 02, 2023

I’m assuming you are referring to an ISMS certification audit.

Considering that, to ease the gap between assessed risks and implemented controls, you should consider including in the risk management process personnel involved in the processes included in the ISMS scope, because these are the people most familiar with the most expected information compromise events and their consequences, which will make the identification of the relevant risks (i.e., those to be treated) easier.

Additionally, their familiarity with the processes in the ISMS scope will help define the most adequate controls and how to implement them.

For example, if the sales process is included in the ISMS scope, then, by including the sales manager and key users of the sales department to help the information security team identify risks, the gap between relevant risks and implemented controls will be smaller.

For further information see:

Guest
YUTING WU Feb 02, 2023

I will keep it as my guidance in after audit programs, thank you.
