Your organisation should aim to conduct internal audits on the mandatory clauses of the Standard, Annex A controls, other relevant controls, and your own organisational processes that support the implementation of your ISMS. The Standard promotes the use of a risk-based approach to auditing, i.e., the areas that are likely to suffer the greatest impact of a risk or is the most vulnerable should be prioritised. You should aim to have completed an audit on every element of your organisation at least once over a 3 year period.
related BLog
No items found.
"
We would like to pass on our gratitude to our consultant for all his hard work and advice during our 3-year re-certification and assessment against the new Standard. After seven days of auditing, we have two OFIs that the assessors have put forward from the audits. This pays testament to our URM consultant, his hard work, eye for detail and advice given, both during the audits and during all the works beforehand.
contact US
Let us help you
Let us help you in your compliance journey by completing the form and letting us know how we can best support you.