Expert Advice Community

Guest

ISO 27001 Audit

  Quote
Guest
Guest user Created:   Aug 22, 2022 Last commented:   Aug 22, 2022

ISO 27001 Audit

Hi - I have a question regarding the ISO 27001 audit.

My company is going through this audit process.

We are currently going through a restructure in our People team and have 2 junior people in the department. We are in the process of recruiting an HR manager but will have the junior staff in the interim so no senior HR person within the business.

Would we fail on an audit because of this?

0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Aug 22, 2022

The absence of an HR manager would be a problem in an audit only in case this absence impacts negatively information security in an unacceptable way (e.g., the relevant information is lost or information security processes are interrupted), and you do not have a planned treatment for this situation.  

If there are no negative impacts to information security due HR manager's absence, or devised actions like formally designating a temporary substitute (that could be one of the junior employees or a manager from another area) have reduced the risks to acceptable levels, this absence wouldn’t be a problem in the audit.

The best way to handle this situation is to include some kind of risk like “Loss of key personnel” in your information security risk management process and use the process to define if the risk is relevant or not, and in case it is relevant, define proper actions to treat the risk.

These articles will provide you with further explanation:

Quote
0 1

Comment as guest or Sign in

HTML tags are not allowed

Aug 22, 2022

Aug 22, 2022

Suggested Topics