nemys Created: Feb 26, 2018 Last commented: Feb 27, 2018

ISO 27001 Internal Audit for Human Resources

Hi There, I have been asked to conduct an internal audit for our HR department. I just wanted to see if there are certain clauses, I should pay particular attention to. I know I need to look through the SoA and look at all the applicable controls in place, but not sure about the clauses. Overall, the objective is to evaluate the operational management of security against the requirements defined in our policies and processes. Thanks in advance.

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Feb 27, 2018

ISO 27001 clauses to be considered in an HR department audit are mainly related to sections 7.2 (competence), 7.3 (awareness), and 7.4 (communication).

Broadly speaking,you should verify how the organization has identified and ensured the necessary information security competence is available, how employees are aware of the importance of protecting information and how they can contribute, and how their need for communication are identified and ensured.

These articles will provide you further explanation about competence, communication and internal audit:
- How to perform training & awareness for ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/05/19/how-to-perform-training-awareness-for-iso-27001-and-iso-22301/
- How to make an Internal Audit checklist for ISO 27001 / ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/

These materials will also help you regarding internal audit:
- ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-englis h-guide/
- ISO 27001:2013 Internal Auditor Course https://advisera.com/training/iso-27001-internal-auditor-course/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Feb 26, 2018

Feb 27, 2018

Expert Advice Community