ISO 27001 external audit for rest of employees
In interviews with employees, the certification auditor will check whether people are familiar with the documentation and use it while performing daily activities, i.e., check that the ISMS is working in the company.
Considering that, the auditor will ask questions about their degree of knowledge of, at least, the most important documents that apply to them: Information Security Policy, confidentiality clauses, acceptable use of assets, Access Control Policy, etc.
Examples of possible questions are:
- “Do you have access to the internal rules of the organization in relation to information security?”
- “Can you show me some of the related policies?”
- “Could you tell me what are the points that you consider most important in the policy?”
For further information, see:
- Which questions will the ISO 27001 certification auditor ask? https://advisera.com/27001academy/blog/2015/07/20/which-questions-will-the-iso-27001-certification-auditor-ask/
Please note that when you say “the rest of *** employees (the ones who are not currently set up to be members of the ISMS in Conformio).”, for certification purposes you need to consider only those employees that are part of the ISMS scope (the auditor will not interview people outside the ISMS scope).
Jun 14, 2022