Executing and documenting internal audits

Critical
High
Normal
Low

The organization conducts internal audits in accordance with its internal audit procedure. The aim is to check:

  • whether the information security management system complies with the organisation's cyber security requirements
  • whether the information security management system complies with other operational security requirements or standards complied with
  • whether the information security management system is implemented effectively

Documented information on the execution and results of audits must be kept.

Connected other frameworks and requirements:
18.2.1: Independent review of information security
ISO 27001
12.7: Information systems audit considerations
ISO 27001
12.7.1: Information systems audit controls
ISO 27001
ID.GV-3: Legal and regulatory requirements
NIST CSF
5.35: Independent review of information security
ISO 27001
No items found.