Get FREE 12-month access to the AI-Powered Knowledge Base worth $450
with your ISO 27001 toolkit purchase
Limited-time offer – ends June 27, 2024

Expert Advice Community

Guest

Project Manager as internal auditor

  Quote
Guest
Guest user Created:   Jun 15, 2019 Last commented:   Jun 15, 2019

Project Manager as internal auditor

I have an inquiry about if a Project Manager in charge of implementation of the ISO 27001 also can be the internal auditor of the ISMS and coexist with a CISO?
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Jun 15, 2019

Answer:

The project manager is involved in most of the activities related to the implementation of the ISO 27001, and since one requirement to be observed for an auditor is impartiality (an auditor cannot audit his own work), this person will not be able to perform the auditor role. The same applies to CISO, since he is responsible for reporting the ISM performance.

The best course of action would be to train an employee to perform internal auditor or hire an external auditor.

These articles will provide you further explanation about internal audit:
- How to prepare for an ISO 27001 internal audit https://advisera.com/27001academy/blog/2016/07/11/how-to-prepare-for-an-iso-27001-internal-audit/
- Qualifications for an ISO 27001 Internal Auditor https://advisera.com/27001academy/blog/2015/03/30/qualifications-for-an-iso-27001-internal-auditor/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jun 14, 2019

Jun 14, 2019