Guest
Process-based vs control-based audit
What is the approach to auditing 27K? Do auditors audit business processes and check the application of the controls on them or do they look at each control and check their application across the organization?
Expert
Dejan Kosutic
Oct 20, 2016
Answer: The audit process is not prescribed by any standard, so you can do it any way you feel is appropriate. In most cases, ISMS is audited per controls, not per processes, although you can do it per processes as well.
Did you see our free online training ISO 27001 Internal Auditor Course? It will explain to you all the auditing techniques specific to ISO 27001: https://advisera.com/training/iso-27001-internal-auditor-course/