ISMS audit results for ISAE 3402 Type II Audit/Report

Guest user Created:   Feb 24, 2020 Last commented:   Feb 24, 2020

Do you think it is possible to use the output of ISO27001 controls/monitoring/records in an appropriate ISAE3402 Type II Audit/Report?

In ISAE3402, the auditor checks results/KPIs of a predefined set of controls against control objectives for a given time period of the past and produces an "Assurance Report".

It sounds to me as if ISAE3402 is just the "Check" part of the PDCA cycle of the ISMS?

It would be great to combine the 2 standards (provided the ISAE3402 scope is Information Security related, of course) and simply use the controls which have been documented by the ISMS, and use the monitor output and internal audit output for the auditor.

Is that common practice?

Expert
Rhand Leal Feb 24, 2020

We're not experts in this field, but in general ISAE3402 Type II Audit/Report (SOC 2) reports on various organizational controls related to security, availability, processing integrity, confidentiality or privacy, and considering the ISMS scope is related to the scope of the ISAE3402 report, it seems perfectly possible to use ISMS outputs for your ISAE3402 report.

The ISMS provides a framework for implementation, operation, and improvement of information security, while ISAE3402 is a verification that implemented measures are working as expected.

This information (from the official site of the American Institute of CPAs) about SOC 2 and ISO 27001 may be of interest to you: https://www.aicpa.org/content/dam/aicpa/interestareas/frc/assuranceadvisoryservices/downloadabledocuments/othermapping/trust-services-map-to-iso-27001.xlsx
