ISO 27001 audit and implementation

Generally speaking, you need to understand the objectives the client wants to achieve, its line of business, and how the business is organized. Based on this information you can develop additional questions and identify additional persons to talk to.

Please note that there are no set of definitive questions to be asked, only general topics to be covered.

To become an ISO 27001 auditor or ISO 27001 implementer, you should first acquire experience in these fields, and the most common ways are to work inside your current company auditing/implementing information security or working for an established consultant.

For more information about auditing/implementing ISO 27001 and how to become a consultant, please read:

• What does ISO 27001 Lead Auditor training look like? https://advisera.com/27001academy/blog/2016/08/29/what-does-iso-27001-lead-auditor-training-look-like/
• What does ISO 27001 Lead Implementer training look like? https://advisera.com/27001academy/blog/2016/11/28/what-does-iso-27001-lead-implementer-training-look-like/
• How to become an ISO 27001 / ISO 22301 consultant https://advisera.com/27001academy/blog/2014/07/21/how-to-become-an-iso-27001-iso-22301-consultant/

These materials will also help you regarding ISO 27001 auditing/implementation:

• Free online training ISO 27001 Lead Auditor Course https://advisera.com/training/iso-27001-lead-auditor-course/
• Free online training ISO 27001:2013 Lead Implementer Course https://advisera.com/training/iso-27001-lead-implementer-course/