Effective Internal Audit
Part of running an effective ISO 27001 Information Security Management System (ISMS) or ISO 9001 Quality Management System (QMS) is to run an efficient internal audit programme. The purpose of the audit programme is to make sure the ISMS conforms to your own requirements as well as the requirements of the standard, and to check that it is working effectively.
If you have a good audit programme, you should get lots of improvements. If you don’t get lots of improvements, you should review your audit programme.
To run a successful internal audit programme you need skilled internal auditors. In some cases this will mean your staff need to attend a training course. The auditor should also have a very good understanding of the standard being audited, for example ISO 27001 or ISO 9001. For ISO 27001 specifically, specialist knowledge of information security and some of the technical controls would be extremely beneficial. The auditor needs to be independent of the area being audited. Lastly, they need to be given time to prepare and run the audit, and then to write up the audit reports and audit schedules.
Outsource Internal Audit
Many organisations choose to outsource the audit function to an external consultant, allowing employees to focus on the core business and leaving the auditing to an expert. By outsourcing you also get the added benefit of having a completely fresh set of eyes doing the auditing.
If you would like JSC Consultant to run your internal audit programme, please get in touch and we will design and run an effective internal audit programme for you. As part of the internal audit programme we also have cloud-based tools that can help you manage your audit actions and risks. See SharePoint ISMS tool to manage your ISMS or QMS.
Why choose JSC Consultant Solutions?
- Our Senior Consultants are highly trained and approved to do assessment work for the British Standards Institution (BSI), which is one of the leading certification bodies. Hence, we have seen numerous management systems and know what it takes to get ISO 27001 certified.
- We are BSI Associated Consultant Platinum members, which means we are trusted by BSI to deliver excellent consulting services.
- Our consultants all have a business background and will ensure you get a management system that will support your business, not a system that supports a standard.
- We have many clients that will be happy to speak to you about their experience using JSC Consultant Solutions.