[Organization logo]
[Organization name]
Date of version:
Created by:
Approved by:
Confidentiality level:
Commented [EU GDPR2]: All fields in this document marked by square brackets [ ] must be filled in.
Commented: Take a look at this book: ISO Internal Audit: A Plain English Guide, https://advisera.com/books/iso-internal-audit-plain-english-guide/
Commented [EU GDPR4]: The document coding system should be in line with the organization's existing system for document coding; in case such a system is not in place, this line may be deleted.
©2017 This template may be used by clients of Advisera Expert Solutions Ltd. www.advisera.com in accordance with the License
Agreement.
[organization name] [confidentiality level]
Change history
Date Version Created by Description of change
Table of contents
1. PURPOSE, SCOPE AND USERS ............................................................ 3
4. MANAGING RECORDS KEPT ON THE BASIS OF THIS DOCUMENT
This procedure is applied to all activities performed within the Information Security Management
System (ISMS) and all personal data processing activities in the company.
Users of this document are [members of top management] of [organization name], as well as internal auditors.
Commented [EU GDPR5]: Top management body within the scope of the company.
2. Reference documents
ISO/IEC 27001 standard, clause 9.2
EU GDPR article 32 (1) (d)
Commented [EU GDPR6]: Click here to read the full text of GDPR Article 32: https://advisera.com/eugdpracademy/gdpr/security-of-processing/
Information Security Policy
Procedure for Corrective and Preventive Action
3. Internal audit
3.1. Purpose of internal audit
The purpose of internal audit is to determine whether procedures, controls, processes, arrangements
and other activities within the ISMS are in line with the ISO 27001 standard, the GDPR, other applicable
regulations and the organization's internal documentation; whether they are effectively
implemented and maintained; and whether they meet policy requirements and set objectives.
[Job title] approves an annual program for internal audits, written as outlined in the form in
Appendix 1.
One or more internal audits should be conducted in the course of one year, ensuring cumulative
coverage of the entire ISMS scope and all personal data processing activities. Internal audits are
planned based on risk assessment, as well as results of previous audits; they are usually conducted
before management review.