Guest
Support re. internal audit section of ISO 27001 2022
The policy templates we received as part of our toolkit refer to ISO27001. Should this be changed to ISO27002?
Assign topic to the user
Expert
Rhand Leal
May 26, 2023
There is no need to change the templates’ reference to ISO 27002.
Please note that ISO 27001 is the main standard for Information Security Management Systems, while ISO 27002 is a supporting standard that can be used to help implement controls from ISO 27001 Annex A.
Additionally, in certification audits, the auditor reference is ISO 27001, not ISO 27002.
For further information, see:
- ISO 27001 vs. ISO 27002 https://advisera.com/27001academy/knowledgebase/iso-27001-vs-iso-27002/
Comment as guest or Sign in
May 26, 2023
May 26, 2023
May 26, 2023