Jump to topic
What does Clause 9.2 involve?
9.2 says the organisation shall conduct internal audits at planned intervals to provide information on whether the information security management system (ISMS):
- Conforms to the organisation’s own requirements for its information security management system; and meets the requirements of the ISO 27001 international standard;
- Whether the ISMS is effectively implemented and maintained
To achieve those goals the ISO auditor will look to see that the organisation has:
- Planned, implemented and maintained an audit programme
- Defined the audit criteria and scope for each audit
- Selected auditors who will be objective and impartial
- Ensured that audits are reported to relevant management
- Retained documented information as evidence
How to conduct internal audits on an ISMS to comply with 9.2
Alongside information security risk management, internal audits are popular in creating anxiety for those new to ISMS’ and in particular organisations that are going for their first ISO 27001 certification.
As such we have written a separate article on demystifying the internal audit requirements and expressing how an organisation can achieve it’s internal audit goals with much less stress and anxiety than first thought.
Get certified up to 5x faster with ISMS.online
Compliance doesn’t need to be complicated – ISMS.online is designed to help you achieve ISO 27001 certification quickly and affordably with no training required.
We’ve streamlined the ISO 27001 process with our Assured Results Method, an 80% Headstart, your own 24/7 Virtual Coach, easy onboarding and expert support.
Book a platform demo to see how ISMS.online can help your business
Book a demoCompliance doesn’t have to be complicated.
We've done the hard work for you, giving you an 81% Headstart from the moment you log on.
All you have to do is fill in the blanks.
