
ISO 22301 Maintenance Audit requirements

Guest post Created:   Jan 12, 2016 Last commented:   Jan 12, 2016


Hi everyone, The company I joined in January this year was ISO 22301 certified in 2013. The maintenance audit is coming up and I'm not sure what the audit entails because I'm relatively new to ISO 22301 - do they re-audit everything or do they focus on specific areas/documentation? I've found a few ISO 22301 audit checklists online, but nothing really relating to the maintenance audits. Can anyone help so I can start planning for the audit? Thank you!

Guest post Jan 12, 2016

Sorry also forgot to ask, from an Internal Audit perspective. Our company is quite small and we have 1 internal auditor (me) - who serves as the audit/risk function within the company focusing mainly on the risk management area. Internal audits are only done on request by management as there are continuous external audits/security audits/pen tests taking place within the company (basically every month, there is an audit taking place) so there is no real audit plan in place for internal audit. Internal audit serves as more of a CRM role with the other auditors and basically manages and follows up on findings for the company.

Does that mean a fail for the Internal Audit section of the ISO 22301 audit or would that pass because there is an external audit plan that is maintained and findings and corrective actions are documented and managed by the internal auditor.

Sorry for all the questions, this audit has me in a bit of a panic.

DejanK Jan 12, 2016

In your first question I assume you refer to surveillance visits performed by certification bodies? They won't re-audit everything, just some areas of your BCMS they think are not developed enough. See also this article: Surveillance visits vs. certification audits https://advisera.com/27001academy/knowledgebase/surveillance-visits-vs-certification-audits/

There is no special preparation for those surveillance visits, you just have to make sure you do everything you have written in your BCMS documentation. Here is one article that speaks about ISO 27001, but it is completely applicable to ISO 22301 as well: How to maintain the ISMS after the certification https://advisera.com/27001academy/blog/2014/07/14/how-to-maintain-the-isms-after-the-certification/

Regarding the internal audit, it doesn't really matter whether it is performed internally or by an external party as long as in this internal audit the auditor checks whether your company (1) complies with ISO 22301, and (2) complies with all the policies, procedures and plans you have written in your BCMS. This article can help you: How to make an Internal Audit checklist for ISO 27001 / ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/
