Internal Audit in ISO/IEC 27001
ISO/IEC 27001 clause 9.2 requires:
The organization shall conduct internal audits at planned intervals to provide information on whether the information security management system:
a) conforms to
- the organization’s own requirements for its information security management system; and
- the requirements of this International Standard
b) is effectively implemented and maintained.
The organization shall:
…
- select auditors and conduct audits that ensure objectivity and the impartiality of the audit process;
- ensure that the results of the audits are reported to relevant management
…