Some pitfalls to avoid when organising and conducting an ISO 27001 audit include:
- Not communicating the scope and criteria effectively enough for the audit and inadequate planning/confirmation with the departments/areas being audited.
- Allowing auditees to assume control of the audit, potentially avoiding responses to the questions asked
- Not collecting adequate objective evidence to support statements of conformance or nonconformance
- Allowing subjectivity to influence audit findings and conclusions - i.e. not being objective
- Being poorly prepared and not understanding the policies, clauses or controls that are being audited
- Following audit trails that are inconsequential and compromise the ability to conduct the audit in the available timeframe.
related BLog
No items found.
"
I found the course very informative, and the trainer was communicative, supportive and engaging. He is very skilled at adapting to the different types of people and transferring knowledge in a way that sticks with attendees; he delivered the same training over 2 years ago and I still remember the things he taught us. We will definitely be recommending him to other businesses that want to learn about ISO standards. Definitely a great asset to the company.
contact US
Let us help you
Let us help you in your compliance journey by completing the form and letting us know how we can best support you.