Guest user Created: Jun 15, 2019 Last commented: Jun 15, 2019

Project Manager as internal auditor

I have an inquiry about if a Project Manager in charge of implementation of the ISO 27001 also can be the internal auditor of the ISMS and coexist with a CISO?

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Jun 15, 2019

Answer:

The project manager is involved in most of the activities related to the implementation of the ISO 27001, and since one requirement to be observed for an auditor is impartiality (an auditor cannot audit his own work), this person will not be able to perform the auditor role. The same applies to CISO, since he is responsible for reporting the ISM performance.

The best course of action would be to train an employee to perform internal auditor or hire an external auditor.

These articles will provide you further explanation about internal audit:
- How to prepare for an ISO 27001 internal audit https://advisera.com/27001academy/blog/2016/07/11/how-to-prepare-for-an-iso-27001-internal-audit/
- Qualifications for an ISO 27001 Internal Auditor https://advisera.com/27001academy/blog/2015/03/30/qualifications-for-an-iso-27001-internal-auditor/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Jun 14, 2019

Expert Advice Community