It’s time for the annual ISO audit. We manage a combined management system where Information Security is in many parts integrated within the business main and supporting processes.
This is our third annual ISO audit and I’m really looking forward to it. Going through these audits is a great opportunity to discuss further development, getting ideas for upcoming improvement.
There will for sure be non-conformity’s – there always will. With four standards in the system where ISO 27001 is one of them the auditors are extremely skilled and experienced. At the very first audit and somewhat in the second one, the auditors were quite focused on the overall management system. When the system gets to a more mature level, the auditors puts more focus on the details within and start to really test the 100 annex A controls in scope.