Expert Advice Community

Perform the internal audit

Guest user Created:   Mar 29, 2016 Last commented:   Mar 29, 2016

How do you recommend setting up Internal Audit for ISO 27001 in a small company? Everyone is so busy with their day-to-day tasks and no one is really qualified to 'audit.' I manage the Risk Assessment and the Compliance. Can I do the Audit, too?

Antonio Jose Segovia Mar 29, 2016

Answer:
From my point of view, in your case, the best recommendation is to hire an external professional (or a company). If you have participated in the implementation of ISO 27001, you cannot perform the internal audit, because it is a conflict of interest for requirement 9.2 e) of ISO 27001:2013: “select auditors and conduct audits that ensure objectivity and the impartiality of the audit process”.

Another easy option is to select an employee in your organization, but this employee cannot be involved in the implementation of ISO 27001, and this employee also needs to be trained in ISO 27001. The good news is that our online course can help you train your employees to perform the internal audit, and furthermore they will have a certificate, so the “ISO 27001:2013 Internal Auditor Course” may be interesting for you: https://advisera.com/training/iso-27001-internal-auditor-course/
