ISMS (ISO 27001:2013) Observation for improvement
Observation or Opportunity for improvements by ISMS(ISO 27001:2013) In the overall listing of agenda items, observations were mentioned. During an assessment, the teams are concentrating on determining compliance and adequacy however, It is possible that they will also see areas/activities that, whilst meeting both of the basic criteria; are perhaps; • Suspect in terms of long-term sustainability • Less than well organized; • Over-complicated. Provide they give no direct evidence of failure, can be raised as audit findings CARs, but, in the spirit of improvement, Auditors should be prepared to find ways in which to bring them to the attention of the management for their possible consideration. They are not mandatory; they cannot be used against the company if they do not take on board the auditor's comments. They are simply statements that the auditor feel may be of benefit to the company. Here you can get more information about the Lead Auditor Trai