Internal Audit in ISO/IEC 27001

ISO/IEC 27001 clause 9.2 requires:

The organization shall conduct internal audits at planned intervals to provide information on whether the information security management system:

a) conforms to

  1. the organization’s own requirements for its information security management system; and
  2. the requirements of this International Standard

b) is effectively implemented and maintained.

The organization shall:

  • select auditors and conduct audits that ensure objectivity and the impartiality of the audit process;
  • ensure that the results of the audits are reported to relevant management.
