ISO 27001_Audit

Aishwariya · Feb 28, 2023

Hi. I am Aishwariya From UAE, I am looking for audit tips on the group policy if the company is not using Microsoft suite.. mostly its G suite.. what would be the audit questions and evidences I might be looking for here?

yodon · Mar 2, 2023

With no intention of being disrespectful, it sounds like you're being asked to audit although you don't have any audit training or experience?

Aishwariya · Mar 13, 2023

Hi.. thank you yodel, nothing to disrespect your reply and intention, but asking question does not mean that I do not have experience, every forum is a learning, I have asked to learn. Not only can auditor asks the questions, also the audit..

Jim Wynne · Mar 13, 2023

Aishwariya said:
Hi. I am Aishwariya From UAE, I am looking for audit tips on the group policy if the company is not using Microsoft suite.. mostly its G suite.. what would be the audit questions and evidences I might be looking for here?

If you're doing an internal audit, it should be informed by your company's own requirements. Presumably, those internal requirements are based on requirements of the standard. BTW, "G Suite" is now Google Workspace.

John Broomfield · Mar 13, 2023

Aishwariya said:
Hi. I am Aishwariya From UAE, I am looking for audit tips on the group policy if the company is not using Microsoft suite.. mostly its G suite.. what would be the audit questions and evidences I might be looking for here?

The management system responsible for the design, delivery and upkeep of Google Apps received ISO 27001 certification over ten years ago according to this report:

https://www.itpro.co.uk/640891/google-apps-for-business-gets-iso-27001-certification

So, it appears that you have no inherent problem using the “G-Suite” instead of Office 365.

geoffairey · Apr 19, 2023

John Broomfield said:
The management system responsible for the design, delivery and upkeep of Google Apps received ISO 27001 certification over ten years ago according to this report:

Google Apps for Business gets ISO 27001 certification

So, it appears that you have no inherent problem using the “G-Suite” instead of Office 365.

The system itself (Google Workspace) may be Certified, but if it's not used in a compliant way by the organisation, then it won't comply with the standard. e.g if shared logons are used, this would fail basic access control requirements.

John Broomfield · Apr 19, 2023

geoffairey said:
The system itself (Google Workspace) may be Certified, but if it's not used in a compliant way by the organisation, then it won't comply with the standard. e.g if shared logons are used, this would fail basic access control requirements.

Of course.

ISO 27001_Audit

Aishwariya

Registered

yodon

Aishwariya

Registered

Jim Wynne

John Broomfield

geoffairey

Involved In Discussions

John Broomfield

Similar threads