Process of ISO 27001 Audit
I’m assuming your question is about a certification audit.
Considering that, to successfully clear a certification audit you need to implement the Information Security Management System according to the ISO 27001 requirements, which involves:
- getting management buy-in for the project;
- defining the ISMS basic framework (e.g., scope, objectives, organizational structure), by understanding organizational requirements and the requirements of interested parties;
- development of risk assessment and treatment methodology;
- performing a risk assessment and defining a risk treatment plan;
- controls implementation (e.g., policies and procedures documentation, acquisitions, etc.);
- people training and awareness;
- controls operation;
- performance monitoring and measurement;
- performing an internal audit;
- performing a management critical review; and
- address nonconformities, corrective actions, and opportunities for improvement.
This article will provide you with a further explanation about ISMS implementation:
- ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
About required documents, please see this article:
- List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
To see what documents compliant with ISO 27001 look like, please take a look at the free demo of our ISO 27001 Documentation Toolkit: https://advisera.com/27001academy/iso-27001-documentation-toolkit/
Jan 25, 2022