Expert Advice Community

Guest

ISO 27001 external audit for rest of employees

  Quote
Guest
Guest user Created:   Jun 14, 2022 Last commented:   Jun 14, 2022

ISO 27001 external audit for rest of employees

As part of ISO 27001 external audit and apart from the security awareness training, we would like to inquiry on topics the auditor will be interviewing the rest of *** employees (the ones who are not currently set up to be members of the ISMS in Conformio). Currently, we are a bit concerned about what questions the auditor might be asking employees and some directions from you would be much useful.

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Jun 14, 2022

In interviews with employees, the certification auditor will look if people are familiar with the documentation and use them while performing daily activities, i.e., check that the ISMS is working in the company.

Considering that, the auditor will make questions about their degree of knowledge of, at least, the most important documents that apply to them: Information Security Policy, confidentiality clauses, acceptable use of assets, Access Control Policy, etc.

Examples of possible questions are:

  • “Do you have access to the internal rules of the organization in relation to information security?”
  • “Can you show me some of the related policies?”
  • “Could you tell me what are the points that you consider most important in the policy?”

For further information, see:

Please note that when you say “the rest of *** employees (the ones who are not currently set up to be members of the ISMS in Conformio).”, for certification purposes you need to consider only those employees that are part of the ISMS scope (the auditor will not interview people outside the ISMS scope).

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jun 14, 2022

Jun 14, 2022

Suggested Topics

Guest user Created:   Jan 26, 2022 ISO 27001 & 22301
Replies: 1
0 0

ISMS

Guest user Created:   Jan 26, 2021 ISO 27001 & 22301
Replies: 1
0 0

CISO