Expert Advice Community

Module 9 - reviewing documents off-site

Guest user Created:   Jul 06, 2021 Last commented:   Jul 06, 2021

I am referring to the ISO 27001 Internal Auditor Course. In module 9 (Document review at 2:20) the following is said: "You can perform the document review on-site meaning in the auditee or premises, or you can also do it off-site – in your own office – it really does not matter, all you are doing is reading the documentation." Is this really correct? This documentation is or can be classified and shouldn't leave the premises? I found that statement a bit strange.

Expert
Rhand Leal Jul 06, 2021

You are partially correct. While some documents can be classified in a way that forbids them from leaving the premises, you may need to make such documents available to the internal auditor when he is off-premises (e.g., during a remote audit due to the pandemic) because they are related to mandatory clauses, or are paramount to evaluating a specific control. In these cases, you need to evaluate the related risks and implement proper controls to decrease the risks to acceptable levels (e.g., sign a specific NDA, provide access only to the electronic version through a secure connection to your network, etc.).

These materials will provide you a further explanation about remote audit:
