Expert Advice Community

ISO 27007 vs ISO 19011 for auditing

  Quote
Brian Created:   Mar 30, 2020 Last commented:   Apr 01, 2020

ISO 27007 vs ISO 19011 for auditing

Hi, What are the key practical differences between these standards for auditing?  My organisation has decided to adopt ISO 27001 as a best-practice framework but there is currently no intention to certify and the project is not likely to start in the foreseeable (at least 12 months) future. We have several existing measures and controls, but it has been decided we need to look at an audit approach to determine maturity. Which of these frameworks would be best? Thanks, Brian.
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Apr 01, 2020

ISO 27007 is applicable to those needing to understand or conduct internal or external audits of an ISMS or to manage an ISMS audit programme. ISO 19011 was designed to conduct internal or external audits in management systems in general.

ISO 27007 provides additional recommendations to the guidance provided by ISO 19011. For example where ISO 19011 states you must look for evidences for compliance, ISO 27007 will suggest specific evidences and tests for ISO 27001 clauses and controls from Annex A.

Considering that, for a specific ISO 27001 context, ISO 27007 is more recommended. If you have to also audit other ISO management systems, like ISO 9001 and ISO 14001, ISO 19011 would be a better choice.

This material can help you:
- ISO 27001:2013 Internal Auditor Course https://training.advisera.com/se/iso-14001-internal-auditor-course/o-27001-internal-auditor-course/

Quote
0 1

Comment as guest or Sign in

HTML tags are not allowed

Mar 30, 2020

Apr 01, 2020

Suggested Topics