ISO27001 Certification: Requirements for Internal Audit of the Information Security Management System (ISMS) Certification
Published: 2020-12-01 10:45
1. The company establishes and implements an Internal Audit Procedure that defines the purpose, organization and steps of the audit, so as to ensure that the company's ISMS conforms to the identified information security requirements and is effective.
2. The audit team leader is responsible for supervising the conduct of the internal audit and reporting its results to the person responsible for information security.
3. The company organizes internal audits at planned intervals (not exceeding one year); the audit schedule takes into account the importance of each department and the results of previous audits.
4. Audits are carried out by personnel qualified as auditors; auditors must not audit the work of their own department, to ensure the impartiality and objectivity of the audit.
5. The audited department takes appropriate corrective measures to eliminate the nonconformities found.
6. Auditors follow up and verify the measures taken, to ensure that each nonconformity is closed out.
7. All records relating to the audit are retained by the Information Security Strategy Promotion Group.