brianhopla Created: Jun 25, 2018 Last commented: Jun 28, 2018

ISO22301 Internal Audit

I am currently undertaking a pre-certification BCMS project. I also manage certified information security and quality management systems and for these I use a sampling methodology for internal audits which is quite straightforward as there is plenty of scope for samples under these systems. I am struggling to determine what samples I can use for the BCMS internal audit, especially pre-certification. What would you recommend? Thanks, Brian.

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Jun 28, 2018

To define samples for a BCMS internal audit you should consider:
- contracts and regulations you must comply with (policies and procedures related to the most critical or most frequent requirements should be sampled)
- the results of business impact assessment (policies and procedures related to the most critical elements identified in the BIA should be sampled)
- Business continuity plans and related records

These articles will provide you further explanation about defining an audit checklist:
- How to make an Internal Audit checklist for ISO 27001 / ISO 22301https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/
- 8 criteria to decide which ISO 27001 policies and procedures to write https://advisera.com/27001academy/blog/2014/07/28/8-criteria-to-decide-which-iso-27001-policies-and-procedures-to-write/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Jun 25, 2018

Jun 28, 2018

Expert Advice Community