When implementing ISO 27001, the International Standard for Information Security Management, organisations must follow a process of continual improvement and assure themselves that the processes and controls they have implemented are working as intended. This is where internal auditing plays an absolutely pivotal role, and getting the balance right regarding the approach (risk-based, process-based, control-based, etc.) and how much auditing is needed to provide assurance is vital.
Having been involved in over 300 successful ISO 27001 certifications, URM Consulting Services (URM) is ideally placed to advise you on the essential activities and tasks you will need to carry out in order to have an effective ISO 27001 auditing function and programme. URM is delivering a series of webinars in which it will address all the key components of a successful internal auditing programme. Following on from the overview webinar, ‘The 6 pillars of success’, this webinar is the second in the series and provides invaluable advice on the critical foundation steps when planning your audit programme.
• Establishing and communicating the benefits of conducting internal audits, particularly to senior management
• Factors to consider
• Audit programme methodology
• Audit programme scope
• Prioritisation of audits
• Ongoing management of programme
• Setting the audit criteria
• Logistical considerations