Internal Audit For ISO 27001 Requirement 9.2

What is covered under ISO 27001 Clause 9.2?

The International Standardisation Organisation will expect you to have carried out a number of planned internal audits of your information security management system. These audits will be reviewed independently by an external auditor at stage 2 of the accreditation.

These audits should ensure that the information security management system meets the goals and objectives of the business, as well as the requirements of ISO 27001. Clause 9.2 covers the following:

  • Plan, establish, implement and maintain an audit programme
  • Define the scope and criteria
  • Appoint the internal auditors, ensuring objectivity and impartiality
  • Report results to the previously agreed staff member
  • Ensure all results and comments are documented in the information security management system

Ready to take action?

Discover how ISMS.online can help you achieve or improve on your ISMS objectives

 

Need ISO 27001 policies and controls for your ISMS?

ISMS.online includes practical policies and controls for your organisation to easily adopt, adapt and add to, giving you up to a 77% head start with ISO 27001 documentation.

 

 
