URM’s blog explains how organisations can unintentionally and without realising fall into scope of the PCI DSS, despite not directly handling card data.

Events

About Us

About URM

Overview

URM Core Values

Certifications

CSR

Testimonials

Partners

Our Partners

Become Partner

Subscribe to our mailing list

Governance, Risk Management and Compliance

Information Security

Internal Audit

FAQ

What are the pitfalls to avoid in conducting ISO 27001 audits?

Some pitfalls to avoid when organising and conducting an ISO 27001 audit include:

Not communicating the scope and criteria effectively enough for the audit and inadequate planning/confirmation with the departments/areas being audited.
Allowing auditees to assume control of the audit, potentially avoiding responses to the questions asked
Not collecting adequate objective evidence to support statements of conformance or nonconformance
Allowing subjectivity to influence audit findings and conclusions - i.e. not being objective
Being poorly prepared and not understanding the policies, clauses or controls that are being audited
Following audit trails that are inconsequential and compromise the ability to conduct the audit in the available timeframe.

Contact Audit Experts Today

related BLog

No items found.

URM have carried out our PCI DSS assessments for nearly 10 years. During that time they have shown expertise and commitment in helping us reach our goals. Last year we decided to go for Cyber Essentials Plus and had no hesitation in getting URM to assess us for that.

Ctalk