The original post: /r/cybersecurity by /u/Anubisgods on 2024-11-03 19:47:40.

Hello, it is a pleasure to greet you.

I am preparing documentation related to ISO/IEC 27001 and ISMS.

And I have some doubts regarding the audit program: I have doubts as to how it should be structured, what should be audited, and how I should divide the classification of these audits.

For example:

Should it directly avoid IT-related departments, or should the scope of the audit program inhabit each of the departments of the organization?

What types of audits should you perform?

If any professional related to ISO/IEC 27001 auditing or information security risk management could help me, I would be very grateful.

Thank you