Whilst ISO 19011 is not mandatory, it is recommended that auditors align to this guidance where appropriate to the specific needs and requirements of their audit programme. Additional standards relevant to ISO 27001 may also be used when auditing individual elements of your ISMS:
- ISO 27007:2020 provides guidance on ISMS auditing and concentrates on Clauses 4-10 of the Standard
- ISO 27008:2019 provides guidance for the assessment of information security controls (Annex A of the Standard).
related BLog
No items found.
"
Whenever we have asked our QSA and account manager whether additional work is required outside of the annual cycle, there has never been a hard sell of any of URM’s services, and instead offer advice based on our compliance requirements and business needs.
CISO at University of Surrey
contact US
Let us help you
Let us help you in your compliance journey by completing the form and letting us know how we can best support you.