First of all, auditor needs to be a SME, not only to the security management system, but also specifically in regards to ISO 27001. The reason is related to the fact that “terminology” or “particular definition” of terms is important. Then there are three simple aspects of any process or policy document which should have been adequately addressed by… Continue reading How to effectively audit any ISO 27001 process?