Some pitfalls to avoid when organising and conducting an ISO 27001 audit include:
- Not communicating the scope and criteria effectively enough for the audit and inadequate planning/confirmation with the departments/areas being audited.
- Allowing auditees to assume control of the audit, potentially avoiding responses to the questions asked
- Not collecting adequate objective evidence to support statements of conformance or nonconformance
- Allowing subjectivity to influence audit findings and conclusions - i.e. not being objective
- Being poorly prepared and not understanding the policies, clauses or controls that are being audited
- Following audit trails that are inconsequential and compromise the ability to conduct the audit in the available timeframe.
related BLog
No items found.
"
We have been using the services provided by URM for a couple of years now. They have been excellent in providing their expertise on ISO 27001 and SOC 2, which was instrumental in guiding us on our compliance and certification journey. Thanks to their professionalism and knowledge, we continue to obtain certifications smoothly and with confidence.
contact US
Let us help you
Let us help you in your compliance journey by completing the form and letting us know how we can best support you.