I am referring to ISO 27001 Internal Auditor Course.
In module 9 (Document review at 2:20) it is said the following:
"You can perform the document review on-site meaning in the auditee or premises, or you can also do it off-site – in your own office – it really does not matter, all you are doing is reading the documentation."
Is this really correct? This documentation is or can be classified and shouldn't leave the premises? I found that statement a bit strange.