Guest user Created: Mar 01, 2019 Last commented: Mar 01, 2019

Toolkit content

As for the Annual Internal Audit Program (I think that's one of the mandatory documents), I've seen the preview of the document. At the top it says "Internal audits according to ISO/IEC 27001 and ISO 22301/BS 25999-2 standards will be conducted in the following way". I was wondering why I have to do internal audits for ISO 22301/BS 25999-2 if I just want to be compliant with ISO 27001 for now?

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Mar 01, 2019

Answer:

First of all, sorry for this confusion. In fact you do not have to perform internal audits for ISO 22301/BS 25999-2 if you want to be compliant with ISO 27001 only.

The "Annual Internal Audit Program" template was designed to be compliant with both ISO 27001 and ISO 223001/BS 25999-2 (these standards have the same requirements regarding internal audit), so the text on the template covers all these standards, but in the comments included in the template we show which text you can exclude in case you are using the template for only one of these standards.
This article will provide you further explanation about ISO 27001 internal audit:
- How to prepare for an ISO 27001 internal audit https://advisera.com/27001academy/blog/2016/07/11/how-to-prepare-for-an-iso-27001-internal-audit/

These materials will also help you regarding ISO 27001 internal audit:
- ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
- ISO 27001:2013 INTERNAL AUDITOR COURSE https://advisera.com/training/iso-27001-internal-auditor-course/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Mar 01, 2019

Expert Advice Community

Toolkit content

Toolkit content

Assign topic to the user

Comment as guest or Sign in

Suggested Topics

Toolkit content

Toolkit content

Toolkit content - A.6.1