Guidance for Improving your Internal Audits For an Information Security Management System
Welcome to the ISO Review Podcast
In this episode, Howard and Jim discuss Guidance for Improving your Internal Audits for an Information Security Management System.
Highlights include:
- Whether the information security auditor has the proper security clearance to access documented information.
- Personally Identifiable Information, or other sensitive information, must be handled properly according to any legal requirements that the organization might have.
- Companies that outsource their internal audit activities need to ensure that the outsourced auditor is vetted to make sure they can view sensitive information.
- The lead auditor needs to determine the extent to which evidence that's not available to the audit team during the audit affects the confidence in the audit findings.
- The auditor needs to verify that any documentation required by the audit criteria is going to be available, and that controls have been put in place by the organization that they're auditing.
- The introduction of Annex A and the Statement of Applicability (SOA) as described in ISO 27002:2022.
In The Next Episode
Howard & Jim will review the changes in the new edition of ISO 27001:2022.
More about Jim on LinkedIn & YouTube
LinkedIn: https://www.linkedin.com/in/simplifyiso/
LinkedIn Articles: https://www.linkedin.com/in/simplifyiso/detail/recent-activity/posts/
YouTube: https://www.youtube.com/channel/UCrt2Hgj-5AjHKEvyf2ssZ8g