ISO 27001 Internal Auditor Course Question
With regard to the Q/A listed below, I cannot see the relevance of the question to the section being discussed, Module 9 "Document Review".
Document review - quiz question
Not sure I follow the answer (2) to this question in context of Document Review
Q: When performing the document review you must take into account:
1. Only the context of the organization, including its size and complexity. – Incorrect! These are not the only elements that should be considered when performing the document review.
2. The risks and opportunities associated with the context of the organization. – Correct!
3. The clause order of the ISO standard, so you can follow the exact sequence during the document review. – Incorrect! It is not mandatory to follow the sequence of the clauses of an ISO standard; you must follow the sequence that you believe is the most efficient and effective.
4. All the above. – Incorrect! a) and c) are not correct statements.
Please explain
Please note that during document review the internal auditor must evaluate if documentation is compliant not only with the standard’s requirements but also with identified risks and opportunities, as well as relevant aspects of organizational context.
For example, in case there is a relevant risk related to documentation being tampered with, the auditor needs to evaluate how the organization considers this in developing and managing the documents.
Regarding the context of the organization, if the business involves regular remote interaction with customers and suppliers, this also needs to be evaluated regarding documents.
Feb 21, 2023