User
I just bought the template for the Internal audit program, ISO27001 and I am wondering about the details. The template is very simple and doesn't really show how to ensure that the whole standard including the security controls has been reviewed in a three-year period?
Experta
The purpose of the Internal Audit Program is not to list each control to be audited. To list each control, organizations should use the Internal Audit Checklist.
According to ISO 27001, the purpose of the Internal Audit Program is to define the schedule of audits for the next 1 or 3 years, their scope, methods, and other general information.