What are the pitfalls to avoid in conducting ISO 27001 audits?

Some pitfalls to avoid when organising and conducting an ISO 27001 audit include:

  • Not communicating the scope and criteria for the audit effectively enough, and inadequate planning/confirmation with the departments/areas being audited
  • Allowing auditees to assume control of the audit, potentially avoiding responses to the questions asked
  • Not collecting adequate objective evidence to support statements of conformance or nonconformance
  • Allowing subjectivity to influence audit findings and conclusions, i.e. not being objective
  • Being poorly prepared and not understanding the policies, clauses or controls that are being audited
  • Following audit trails that are inconsequential and compromise the ability to conduct the audit in the available timeframe