I just bought the template for Internal audit program, ISO27001 and I am wondering about the details. The template is very simple and doesn't really show how to ensure that the whole standard, including the security controls, has been reviewed in a three-year period, which I understand is a requirement from our certification body. The template only includes detailing the areas (departments and processes, for example) and other details such as methods, criteria (which I understand would be ISO27001 then), etc.
Isn't it also necessary to show in the program that we have a plan to ensure full review of the standard? And if so, how would you suggest this is inserted into the IA Program, using the Advisera template?
Thank you for your question.
We answered it through Experta - you can find the answer here: https://experta.com/shared-post/e7443f68-d4e9-4cc1-b42a-43e51b4f99e7
Sep 18, 2024