I was going to let this one lie but as you've come back to me directly (and still nicely!

)
Boris, I'm not sure where you are coming from with your comments but I think we are on the same page.
My post was in reply to your statement:
[FONT="]It's not a matter of "preference" it's a matter of legality. <snip> .....
Unless it is stated & documented in company policy, they have every right to bring in recording devices. While that may not sit well with most, it’s legally sound. <snip>
Hence my reference to documented policies and procedures that I say are irrelevant in this matter.
Point #1 - This is a "legal" matter not necessarily, though relative, to ISO or standards in general (with exceptions). While it can be tied to the respective standard, organizations do have policies/restrictions that are not necessarily tied to ISO, or a particular standard. For example in most organizations finance is not included in the scope of an audit, but they still have policies & practices that they apply to the process, yet its deemed in-auditable by the organization for confidentiality reasons, understandably, especially for small businesses.
I agree that it has nothing to do with ISO standards exept we seem to have narrowed the debate down to 2nd and 3rd party audits - typically against one of the ISO standards. I don't understand your reference to finance systems and how they help this discussion. I realize they have policies and procedures, what we are talking about is a practice (media recording) that generally is not covered by policy or a procedure (but sometimes is for companies that want to document their security policy).
Point # 2 -
Sydney’s' statement about consistence is spot on. Generally if an external body has any right to record media they will ascertain proper authorization prior to doing so. However, that's not the heart of this debate, it's whether or not there is a right.
As ever, Sydney is spot on. The value of recorded media as objective evidence is not questioned. My point is that 2nd and 3rd party auditors should not expect to be able to use it and, in any case, they have sufficient powers to record findings without shoving pictures or videos into an embarrassed auditee's face.
However:
(I'm playing Devils advocate, not trying to entice) if I came into your organization and started to take media records what can you back up that statement with if it went to upper management?
This would not be an issue because you wouldn't be allowed to record media on our sites so it wouldn't need backing up with the rest of my senior management team.
Point # 3 - Not all, most the industry are starting to adapt to the "media age". Organizations are starting to include media requirements in privacy rights. Again, It might not be, but should be, tied to their respective QMS.
I am not a Luddite here. I can see the value of recordings in internal audit and (at a push) in regulatory audits but I will not accept a 2nd or 3rd party auditor recording their evidence on my site. It is not a question of copyright but of protecting my company's image and reputation.