ISMS audits by the ISO27001 Lead Auditor

Get the valuable view from the outside

Internal system audits conducted by the external auditor

Internal system audits by an external auditor?

Yes, that can make perfect sense.

The problem:
For example, you have built up a management system and would like an auditor to check its certification maturity before you go into the certification audit with your ISMS, so that deviations that would prevent certification are uncovered in good time. Or an important end customer has requested proof of an independent audit of your IT security. Or you need support at short notice for the standard-compliant auditing of your security processes.

The solution:
Commission the internal audit externally. You get an external view of your management system, you avoid "operational blindness" and, incidentally, you fulfil one of the requirements of ISO27001 to have the ISMS audited by an independent body.

Approach

There is an international standard for planning and conducting internal audits: ISO 19011. I follow this standard for auditing and reporting. The assessment criteria are then of course dependent on the management system to be audited. The possibilities are:

Possible audit criteria
• Internal system audit with information security assessment according to ISO27001:2013 or ISO27001:2022 and all controls from Annex A of these standards
• Internal system audit according to ISO9001:2015 (only for IT service providers or as an integrated management system with the ISMS)
• Internal system audit in accordance with the current version of the ITSVO EKD (IT Security Regulation of the Protestant Church)
• Data protection audit for the audit of GDPR compliance and data protection management

Other audit criteria in the IT security area are also possible. Please contact me if you need other audit criteria.

Remote audits
Some audits can also be carried out "remotely" by means of a video conference. It goes without saying that a secure, data protection-compliant infrastructure is used for this.

Intended audience, requirements and expenditure

Your benefits

• Free initial consultation
• Audits on-demand at calculable costs
• You can provide evidence of independent audits
• You identify gaps in time and avoid costly re-audits
• If required, sustainable ISMS support is also possible

Further information

Would you like a non-binding initial meeting or personal consultation?
A simple request is all it takes!
Call me: 06423 963 410 or write to: info(at)vangestel.de