Audit Plan Template Contents
The audit plan is a simple, yet effective, Microsoft Excel Template. It doesn’t have to be complicated to get the job done. Pre populated to ISO 27001 it takes seconds to adapt it cover audits of other controls, standards and areas.
- Audit Area
- A calendar of the year
- A flag to show if planned or completed
The Audit Plan has appropriate ISO 27001 required document mark up for classification, version control, document owner and last reviewed.
It includes audit planning for both ISO 27002: 2013 and ISO 27002: 2022 and it forms part of the ISO 27001 Templates Toolkit.
Plan the ISO 27002: 2013 Edition Audit
Plan the ISO 27002: 2022 Edition Audit
The ISO 27001 Audit Plan Template is required by the ISO 27001 standard and is a mandatory ISO 27001 document for ISO 27001 certification. Save over 4 hours of work creating it yourself with the peace of mind it is what good looks like and will meet the ISO 27001 requirements.
Meets the requirement of ISO 27001 Clause 9.2 Internal Audit
The organisation shall conduct internal audits at planned intervals to provide information on whether the information security management system:
- ISO 27001 Clause 9.2 a) conforms to 1) the organisation’s own requirements for its information security management system; and 2) the requirements of this International Standard;
- ISO 27001 Clause 9.2 b) is effectively implemented and maintained. The organisation shall:
- ISO 27001 Clause 9.2 c) plan, establish, implement and maintain an audit programme(s), including the frequency, methods, responsibilities, planning requirements and reporting. The audit programme(s) shall take into consideration the importance of the processes concerned and the results of previous audits;
- ISO 27001 Clause 9.2 d) define the audit criteria and scope for each audit;
- ISO 27001 Clause 9.2 e) select auditors and conduct audits that ensure objectivity and the impartiality of the audit process;
- ISO 27001 Clause 9.2 f ) ensure that the results of the audits are reported to relevant management; and g) retain documented information as evidence of the audit programme(s) and the audit results.