Yes - Clause 9.2 of the Standard makes this requirement explicit.  Remember, you must audit to assess whether your ISMS is meeting your own organisational requirements as well as the requirements of the Standard and that it is effectively implemented and maintained.

No items found.
"
The whole gap analysis process was very informative for all departments of the business. Our URM consultant was great at explaining the SOC2 audit process and what evidence may be required for each area. As a business, it has really assisted us in our implementation strategy and improving our compliance programme as a whole.
contact US

Let us help you

Let us help you in your compliance journey by completing the form and letting us know how we can best support you.