ISMS-FORM-09-4 Internal Audit Checklist


[Insert Classification]

Implementation Guidance (this section must be removed from final version of the document)

Purpose of this document: This is a checklist to be used as a prompter for questions during an internal audit.

Areas of the standard addressed: The main areas of the ISO/IEC 27001 standard addressed by this document are:
9. Performance evaluation
9.2 Internal audit

General Guidance: When conducting an internal audit it can be useful to have a list of standard questions to ask, organized according to the sections of the ISO/IEC 27001 standard. This makes the audit more interesting than simply reading the requirements from a spreadsheet. It is possible that any one audit will not cover all parts of the standard, so you may need to edit this checklist to cover the areas you need. You may also like to add further questions to the lists, depending on the type of organization you are auditing. At each stage, it is important that evidence is reviewed and recorded to prove that procedures etc. are in place.

Review Frequency: We would recommend that this document is reviewed annually.

Toolkit Version Number: ISO/IEC 27001 Toolkit Version 8 ©CertiKit.

Copyright notice: Except for any third party works included in this document, as identified in this document, this document has been authored by CertiKit, and is © copyright CertiKit except as stated below. CertiKit is a trading name of Public I.T. Limited, a company registered in England and Wales with company number 6432088 and registered office at 5 Falcons Rise,

Page 1 of 20

ISMS-FORM-09-4
