Hi - I am getting ready to conduct an ISO 27001:2013 internal audit of an organization. The plan was to conduct onsite visits in other countries. Question: Can I conduct a remote audit if possible?
Assign topic to the user
A remote internal audit is possible, provided that required evidence of conformance does not need the physical presence of the auditor on-site. For example, to audit the conformance of an information system that can be remotely accessed or the conformance of a procedure, there is no need for the auditor's presence (he only needs to have access to the system or receive a scanned copy of physical documents and records). On the other hand, to audit the conformance of physical security controls, it might be necessary for the auditor to be on-site if the company cannot provide evidence of such controls remotely (e.g. through photographs, plans, maps, etc.).
Comment as guest or Sign in
Nov 15, 2019