I would like to ask for some references for managing the audit process based on ISO/IEC 27001. What is the most important thing? And where should I start?
Answer:
For managing the audit process based on ISO/IEC 27001, the most important thing is to have a procedure where you can define the steps that you need to perform in each audit, although it is not mandatory to have this procedure documented. By the way, here you can see the list of mandatory (and non-mandatory) documents: List of mandatory documents required by ISO 27001 (2013 revision): https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
So you can start establishing this procedure, defining the audit plan, the qualification of auditors, the report of the audit, etc.
You can also use our Internal Audit Toolkit; you can see a free version by clicking on the Free Demo tab: https://advisera.com/27001academy/iso-27001-22301-internal-audit-documentation-toolkit/
Finally, these articles can be interesting for you:
How to make an Internal Audit checklist for ISO 27001 / ISO 22301: https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/
Qualifications for an ISO 27001 Internal Auditor: https://advisera.com/27001academy/blog/2015/03/30/qualifications-for-an-iso-27001-internal-auditor/
Jan 12, 2016