Internal audit procedure -report publishing and maintenance

Critical
High
Normal
Low

The organization has established a procedure for conducting internal audits. The procedure shall describe at least:

  • how often audits are carried out
  • who may carry out the audits (including audit criteria)
  • how the actual audit is carried out
  • how audit results are documented and to whom the results are reported
Connected other frameworks and requirements:
ID.GV-3: Legal and regulatory requirements
NIST CSF
7.5: Requirements for documented information
ISO 27001
9.2: Internal audit
ISO 27001

Executing and documenting internal audits

Critical
High
Normal
Low

The organization conducts internal audits in accordance with its internal audit procedure. The aim is to check:

  • whether the information security management system complies with the organisation's cyber security requirements
  • whether the information security management system complies with other operational security requirements or standards complied with
  • whether the information security management system is implemented effectively

Documented information on the execution and results of audits must be kept.

Connected other frameworks and requirements:
18.2.1: Independent review of information security
ISO 27001
12.7: Information systems audit considerations
ISO 27001
12.7.1: Information systems audit controls
ISO 27001
ID.GV-3: Legal and regulatory requirements
NIST CSF
5.35: Independent review of information security
ISO 27001
No items found.