What does ISO/IEC 27001:2022 require for internal audits?
A. A person designated by top management who can perform internal audits in all areas within the system scope
B. Acquisition of a set of information security tools to document internal audits
C. Conducting internal audits at planned intervals to provide information on whether the Information Security Management System conforms to the organization’s own requirements and to the requirements of ISO/IEC 27001:2022
D. A consultancy to perform second-party internal audits accurately
ISO/IEC 27001:2022 requires the organization to conduct internal audits at planned intervals. These audits must determine whether the ISMS conforms to the organization’s own requirements for its ISMS and to the requirements of the standard, and whether the ISMS is effectively implemented and maintained. The standard does not require a specific tool, consultant, or one designated person to audit every area. Therefore, option C is correct.