Some pitfalls to avoid when organising and conducting an ISO 27001 audit include:
- Not communicating the scope and criteria effectively enough for the audit and inadequate planning/confirmation with the departments/areas being audited.
- Allowing auditees to assume control of the audit, potentially avoiding responses to the questions asked
- Not collecting adequate objective evidence to support statements of conformance or nonconformance
- Allowing subjectivity to influence audit findings and conclusions - i.e. not being objective
- Being poorly prepared and not understanding the policies, clauses or controls that are being audited
- Following audit trails that are inconsequential and compromise the ability to conduct the audit in the available timeframe.
related BLog
No items found.
"
The whole gap analysis process was very informative for all departments of the business. Our URM consultant was great at explaining the SOC2 audit process and what evidence may be required for each area. As a business, it has really assisted us in our implementation strategy and improving our compliance programme as a whole.
contact US
Let us help you
Let us help you in your compliance journey by completing the form and letting us know how we can best support you.