ISO 27001 Clause 9.2
ISO 27001 does not prescribe how to name the function that performs the internal audit, only that the requirements for internal audit are fulfilled.
So, if you can comply with requirements from clause 9.2, then you can perform the internal audit job for ISO 27001. The requirements are:
- audits must be performed at planned intervals
- there must be an audit programme, defining frequency, methods, responsibilities, planning requirements and reporting
- there must be defined audit criteria and audit scope for each audit
- auditors must not have a conflict of interest with the audited scope (e.g., auditors cannot audit their own work)
- auditors must have experience with performing audits and have knowledge of ISO 27001
- audit results must be recorded and communicated to relevant management
For further information, see:
- How to prepare for an ISO 27001 internal audit https://advisera.com/27001academy/blog/2016/07/11/how-to-prepare-for-an-iso-27001-internal-audit/
- ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
- ISO 27001:2013 Internal Auditor Course https://advisera.com/training/iso-27001-internal-auditor-course/
Jun 03, 2022