ISO 27001 Toolkit Support
First, it is important to note that guidance provided by ISO 27002 is not mandatory to be implemented when implementing ISO 27001, so auditors cannot raise non-conformities based on ISO 27002 when auditing against ISO 27001.
Specifically for control A.6.5 Responsibilities after termination or change of employment, the auditor needs to look for, and only for, responsibilities and duties defined for those that are no longer working for the organization, or that changed activity, how these are enforced, and how these are communicated to relevant personnel and interested parties (the Confidentiality Statement covers these requirements). It does not prescribe the development of a leaving procedure, nor which roles need to develop or review the way the control is implemented.
Considering that, the comment "The leaving procedure of people is only technical; Must be reviewed with HR point of view." can be at most an opportunity for improvement, not a non-conformity.
As for the other situations you have, a tip for evaluating them is to compare the auditor’s comments considering only what is required by ISO 27001.
These articles will provide you with further explanation about nonconformities:
- Which questions will the ISO 27001 certification auditor ask? https://advisera.com/27001academy/blog/2015/07/20/which-questions-will-the-iso-27001-certification-auditor-ask/
- Major vs. minor nonconformities in the certification audit https://advisera.com/27001academy/blog/2014/06/02/major-vs-minor-nonconformities-in-the-certification-audit/
These materials will also help you regarding internal audit:
- Preparing for ISO Certification Audit: A Plain English Guide https://advisera.com/books/preparing-for-iso-certification-audit-plain-english-guide/
- ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
- ISO 27001:2013 Internal Auditor Course https://advisera.com/training/iso-27001-internal-auditor-course/
Jul 01, 2022