Answer:
IT General Controls are controls that are common to IT processes, providing stable and effective operation of application controls. They cover fields like creation / acquisition of systems, SDLC process, access control, backup, change control, etc. ISO 27001 is one way to implement ITGC, providing objectives and, through ISO 27002, detailed implementation guidance.
For more information, please see:
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
2. What is the difference between external and internal auditors, and practically, how does the internal auditor assist the external auditor?
Answer:
The internal auditor performs audits on behalf of the organization that owns the management system, while the external auditor performs audits on behalf of an organization's client (second-party auditor) or a certification body (third-party auditor). Normally the internal auditor may act as the guide for the external auditor, providing some general orientation for performing the external audit.
These articles will provide you further explanation about auditors:
- How to become ISO 27001 Lead Auditor https://advisera.com/27001academy/knowledgebase/how-to-become-iso-27001-lead-auditor/
- Qualifications for an ISO 27001 Internal Auditor https://advisera.com/27001academy/blog/2015/03/30/qualifications-for-an-iso-27001-internal-auditor/
- First-, Second- & Third-Party Audits, what are the differences? https://advisera.com/9001academy/blog/2015/02/24/first-second-third-party-audits-differences/
Dec 01, 2018