ISO 27001_Audit

Aishwariya · Feb 28, 2023

Hi. I am Aishwariya From UAE, I am looking for audit tips on the group policy if the company is not using Microsoft suite.. mostly its G suite.. what would be the audit questions and evidences I might be looking for here?

yodon · Mar 2, 2023

With no intention of being disrespectful, it sounds like you're being asked to audit although you don't have any audit training or experience?

Aishwariya · Mar 13, 2023

Hi.. thank you yodel, nothing to disrespect your reply and intention, but asking question does not mean that I do not have experience, every forum is a learning, I have asked to learn. Not only can auditor asks the questions, also the audit..

Jim Wynne · Mar 13, 2023

Aishwariya said:
Hi. I am Aishwariya From UAE, I am looking for audit tips on the group policy if the company is not using Microsoft suite.. mostly its G suite.. what would be the audit questions and evidences I might be looking for here?

If you're doing an internal audit, it should be informed by your company's own requirements. Presumably, those internal requirements are based on requirements of the standard. BTW, "G Suite" is now Google Workspace.

John Broomfield · Mar 13, 2023

Aishwariya said:
Hi. I am Aishwariya From UAE, I am looking for audit tips on the group policy if the company is not using Microsoft suite.. mostly its G suite.. what would be the audit questions and evidences I might be looking for here?

The management system responsible for the design, delivery and upkeep of Google Apps received ISO 27001 certification over ten years ago according to this report:

https://www.itpro.co.uk/640891/google-apps-for-business-gets-iso-27001-certification

So, it appears that you have no inherent problem using the “G-Suite” instead of Office 365.

geoffairey · Apr 19, 2023

John Broomfield said:
The management system responsible for the design, delivery and upkeep of Google Apps received ISO 27001 certification over ten years ago according to this report:

Google Apps for Business gets ISO 27001 certification

So, it appears that you have no inherent problem using the “G-Suite” instead of Office 365.

The system itself (Google Workspace) may be Certified, but if it's not used in a compliant way by the organisation, then it won't comply with the standard. e.g if shared logons are used, this would fail basic access control requirements.

John Broomfield · Apr 19, 2023

geoffairey said:
The system itself (Google Workspace) may be Certified, but if it's not used in a compliant way by the organisation, then it won't comply with the standard. e.g if shared logons are used, this would fail basic access control requirements.

Of course.

Thread starter	Similar threads	Forum	Replies	Date
T	ISO 27001 sample audit report	IEC 27001 - Information Security Management Systems (ISMS)	5	Feb 27, 2020
B	Integrating ISO 9001/27001 External Audits - Audit Time Reduced? Discounts?	ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards	4	Jan 15, 2018
A	ISO 27001 function wise or department wise audit questionnaire with control & clauses	IEC 27001 - Information Security Management Systems (ISMS)	3	Mar 24, 2015
C	ISO 27001:2013 ISMS Internal Audit Checklist/Questionnaire	IEC 27001 - Information Security Management Systems (ISMS)	36	Jul 15, 2014
S	Checklist for ISO 27001 ISMS Internal Audit	IEC 27001 - Information Security Management Systems (ISMS)	3	Feb 6, 2012
A	ISO 27001:2005 ISMS Internal Audit Checklist/Questionnaire	IEC 27001 - Information Security Management Systems (ISMS)	14	Jun 10, 2010
H	Calculation of Audit Man-days; ISO 27001	Registrars and Notified Bodies	14	Jan 9, 2009
L	ISO 27001:2022	IEC 27001 - Information Security Management Systems (ISMS)	1	Jan 30, 2023
	Informational ISO/IEC 27001:2022 has been published	IEC 27001 - Information Security Management Systems (ISMS)	0	Dec 10, 2022
B	Multisite Certification Requirements for ISO 27001	IEC 27001 - Information Security Management Systems (ISMS)	8	Nov 6, 2022
D	ISO 27001:2022 Harmonisation Timeline	IEC 27001 - Information Security Management Systems (ISMS)	3	Nov 4, 2022
R	ISO 27001 Mandatory Policies , Procedures and Records	IEC 27001 - Information Security Management Systems (ISMS)	0	Jul 23, 2022
T	ISO 27001 - 4.3 c - Interfaces and dependencies between activities - how to consider these?	IEC 27001 - Information Security Management Systems (ISMS)	2	Feb 7, 2022
H	Asset Inventory - documents and people (ISO 27001)	IEC 27001 - Information Security Management Systems (ISMS)	1	Aug 10, 2021
R	ISO 27001 implementation	IEC 27001 - Information Security Management Systems (ISMS)	3	Jul 15, 2021
Y	How can i integrate ISO 13845 into ISO 27001?	ISO 13485:2016 - Medical Device Quality Management Systems	4	Jun 1, 2021
N	ISO 27001 for Jumb Burger - Risk Assessment sheet	IEC 27001 - Information Security Management Systems (ISMS)	14	Jan 29, 2021
M	Choosing Auditors - ISO 9001 / ISO 27001 (UK)	IEC 27001 - Information Security Management Systems (ISMS)	2	Nov 1, 2019
M	ISO 27001 ISMS scope for companies with subsidiaries	IEC 27001 - Information Security Management Systems (ISMS)	0	Sep 11, 2019
S	How to Learn all aspects of ISO 27001:2013 \| The best way to grab the knowledge on 27001:2013 (Step by Step)	IEC 27001 - Information Security Management Systems (ISMS)	7	Jun 6, 2019
P	Relevance of Offsite backups process compliance and ISO 27001 certification.	IEC 27001 - Information Security Management Systems (ISMS)	3	Mar 13, 2019
P	Why does the standard clause use the term Issues in place of Context - ISO 27001 4.1	IEC 27001 - Information Security Management Systems (ISMS)	3	Mar 12, 2019
P	What is the exact difference between Risk and Opportunity in context of ISO 27001?	IEC 27001 - Information Security Management Systems (ISMS)	7	Mar 10, 2019
L	Implementation of ISO 27001 as part of the GDPR compliance journey	Other Medical Device Related Standards	2	Sep 20, 2018
	Is ISO/IEC 27001 appropriate for most small businesses?	IEC 27001 - Information Security Management Systems (ISMS)	2	Jul 30, 2018
A	Policies Mandatory or essential for ISO 27001 implementation	IEC 27001 - Information Security Management Systems (ISMS)	6	Apr 18, 2018
A	ISO/IEC 27001 - Issue during implementation of system	IEC 27001 - Information Security Management Systems (ISMS)	3	Mar 26, 2018
A	ISMS implementation - ISO 27001: 2013 Company Objectives	IEC 27001 - Information Security Management Systems (ISMS)	1	Feb 1, 2018
	ISMS Auditing Guideline V2 (based from ISO/IEC 27001:2013)	IEC 27001 - Information Security Management Systems (ISMS)	8	Oct 5, 2017
K	Risk Assessment Registry - ISO 27001	IEC 27001 - Information Security Management Systems (ISMS)	9	Sep 27, 2017
	ISO/IEC 27001:2016 Overview and Vocabulary - FREE!	IEC 27001 - Information Security Management Systems (ISMS)	3	Jul 15, 2016
	ISO/IEC 27001 Mandatory Documentation Checklist	IEC 27001 - Information Security Management Systems (ISMS)	1	Jul 7, 2016
P	Recommended books on ISO 27001:2013 Implementation and Internal Auditing	IEC 27001 - Information Security Management Systems (ISMS)	4	Jun 4, 2015
S	Sample document for integrated ISO 20000 & ISO 27001	Other ISO and International Standards and European Regulations	3	Mar 20, 2015
W	What are the benefits of ISO 27001 for my IT Organization	IEC 27001 - Information Security Management Systems (ISMS)	3	Mar 19, 2015
S	Clarification in organizing required documents for ISO 27001	IEC 27001 - Information Security Management Systems (ISMS)	6	Mar 9, 2015
A	Risk Register template as per ISO 27001:2013 wanted	IEC 27001 - Information Security Management Systems (ISMS)	9	Feb 10, 2015
	Sharing a Statement of Applicability (SOA) for ISO/IEC 27001:2013	IEC 27001 - Information Security Management Systems (ISMS)	2	Dec 27, 2014
S	ISO 27001:2013 - How to document Context Of the Organization	IEC 27001 - Information Security Management Systems (ISMS)	13	Dec 23, 2014
G	ISO 27001 for a Hosting Provider	IEC 27001 - Information Security Management Systems (ISMS)	3	Apr 24, 2014
P	ISO 27001:2013 Clause 4.1 and 4.2 Clarification and Guidance	IEC 27001 - Information Security Management Systems (ISMS)	13	Apr 21, 2014
W	Working in a company where we try to implement ISO 27001	IEC 27001 - Information Security Management Systems (ISMS)	9	Dec 6, 2013
L	Where to purchase ISO/IEC 27001:2013	IEC 27001 - Information Security Management Systems (ISMS)	3	Dec 4, 2013
L	Implementing ISO 27001 A12.1.1 Security Requirements Analysis and Specification	IEC 27001 - Information Security Management Systems (ISMS)	2	Nov 28, 2013
I	ISO 27001:2013 Released - Transition Requirements?	IEC 27001 - Information Security Management Systems (ISMS)	6	Oct 7, 2013
J	ISO 27001 - Business Continuity Event Simulation Testing	Business Continuity & Resiliency Planning (BCRP)	8	May 21, 2013
R	Required artifacts (records) for ISO 27001 Auditing	IEC 27001 - Information Security Management Systems (ISMS)	9	Mar 6, 2013
P	What are the benefits of certified ISMS for ISO 27001 standard?	IEC 27001 - Information Security Management Systems (ISMS)	3	Mar 1, 2013
	DRAFT ISO/IEC 27001:201? ISMS Requirements (Open for Comments!)	IEC 27001 - Information Security Management Systems (ISMS)	0	Jan 19, 2013
R	ISO 27001 A.8.2.2 Information Security Awareness, Education and Training	IEC 27001 - Information Security Management Systems (ISMS)	10	Aug 29, 2012

ISO 27001_Audit

Aishwariya

Registered

yodon

Aishwariya

Registered

Jim Wynne

John Broomfield

geoffairey

Involved In Discussions

John Broomfield

Similar threads