ISO 27001 Certification
Please be so kind as to enlighten me regarding the following:
As a Certified ISO 27001 and ISO 9001 Lead Auditor, what “Document” would I be required to provide to a Client once I have completed, for example, a Conformio implementation to the level of providing a Statement of Applicability and assurance that they are compliant and ready to apply for a Certification Audit?
The standard does not require a particular document that would mark the end of an ISO 27001 implementation.
In the situation where you were not involved in the implementation, you could perform the internal audit (as defined in clause 9.2), and the results of this internal audit could be used to assess the level of compliance and readiness for the certification process. You can also show to your client the Statement of Applicability that displays which controls are already implemented - this is a good overview of how far the implementation has gone.
For further information, see:
- Which questions will the ISO 27001 certification auditor ask? https://advisera.com/27001academy/blog/2015/07/20/which-questions-will-the-iso-27001-certification-auditor-ask/
Oct 26, 2022