Expert Advice Community

Guest

ISO 27001 Auditor Question

  Quote
Guest
Guest user Created:   Dec 06, 2022 Last commented:   Dec 06, 2022

ISO 27001 Auditor Question

If the business is going with ISO 27001 External Audit by Certification authority, and the Auditor finds on the first day of Stage 1 audit that all mandatory documents are available with right information, except Internal audit was not performed by the client so no document related to Internal Audit Program, or Record available.

My opinion says it is a failed audit with major non conformity at Stage 1 Audit as mandatory requirement of Internal Audit was not performed. Should the Auditor stop the audit after notifying the client? Could you please suggest your opinion on this? Can the auditor suggest that the client undergo ISMS implementation training?

Your response will be highly appreciated.

0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Dec 06, 2022

Your assumption is correct. Lack of internal audit is a major nonconformity because it is a mandatory requirement. 

When a major nonconformity is found the auditor does not need to stop the audit, however, he needs to inform the customer that it will not be possible to recommend for certification.

Regarding the suggestion of implementation training, although it is common to make such a suggestion, first you need to evaluate if the reason for failing to comply with a mandatory requirement was due to lack of knowledge about the implementation process, or other operational cause, such as lack of personnel or resources.

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Dec 06, 2022

Dec 06, 2022

Suggested Topics