Example: HR security domain:
Evidence required: Approved HR policy document, roles and responsibilities in the table in the ISMS, list of the last 5 onboarded resources with training completed, and list of 5 offboarded resources with offboard checklist and data removable certificate, access revoked mail confirmation, etc.
Answer: It seems to me that you are making a mistake here.
When performing a risk assessment there is no need to list evidence/artefacts. In this step you have to identify which risks are relevant considering the scope of the assessment.
Evidence and/or artefacts regarding the 114 controls from ISO 27001 Annex A are used when you perform either a gap analysis (to identify how many controls you already have implemented) or an audit (to evidence the controls' implementation and performance).
For a list of questions regarding gap analysis, I suggest you take a look at our free ISO 27001 Gap Analysis Tool at this link: https://advisera.com/27001academy/free-iso-27001-gap-analysis-tool/
Its question-and-answer format allows you to visualize which specific elements of an information security management system are already implemented, and what still needs to be done.
For a list of questions regarding internal audit, I suggest you take a look at the free demo of our Internal Audit Checklist at this link: https://advisera.com/27001academy/documentation/internal-audit-checklist/
For each clause or control from the standard, the checklist provides one or more questions which should be asked during the audit in order to verify the implementation.
These articles will provide you with further explanation about gap analysis, internal audit, risk assessment and checklists:
- ISO 27001 gap analysis vs. risk assessment https://advisera.com/27001academy/knowledgebase/iso-27001-gap-analysis-vs-risk-assessment/
- Risk assessment vs. internal audit in ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/12/08/risk-assessment-vs-internal-audit-in-iso-27001-and-iso-22301/
- How to make an Internal Audit checklist for ISO 27001 / ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/