Purpose
How to use this page
Use this as a navigation and decision page. Follow the links for detailed control, audit, risk, evidence, and exam notes.
This guide is the audit view of the vault. It turns the ISO/IEC 27001 and Annex A notes into audit planning, evidence testing, interview questions, findings, and corrective action flow.
Use it when the question is:
- what should the auditor verify;
- what evidence is strong or weak;
- what interviews should be performed;
- how implementation claims should be challenged;
- how findings should map back to risk, controls, and management review.
Core audit path
- Internal Audit Execution Guide
- A.5 Organizational Controls Audit Guide
- A.6 People Controls Audit Guide
- A.7 Physical Controls Audit Guide
- A.8 Technological Controls Audit Guide
- Audit Evidence Index
- ISO 27001 Implementer Auditor ISO 27005 Mapping
- A.5 Controls Implementation Audit Risk Mapping
- A.6 People Controls Implementation Audit Risk Mapping
- A.7 Physical Controls Implementation Audit Risk Mapping
- A.8 Technological Controls Implementation Audit Risk Mapping
Audit principle
Audit the operating ISMS, not the presence of documents. A policy without awareness, ownership, evidence, review, and corrective action is weak evidence.
Related notes
- Iso27001
- Auditor guide
- Internal audit
- Moc
Note Metadata
Aliases: Auditor Guide, ISO27001 Auditor Guide
Source: 06 Auditor Guide/ISO 27001 Auditor Guide MOC.md
Graph-sourced resources
Templates and evidence
Implementer templates
Working artifacts for control owners and operators.
Auditor evidence packs
Evidence collections and audit-facing verification material.
Related Notes
- ISO27001 ISMS KB - Start Here
- Internal Audit
- Management Review
- Audit Evidence MOC
- A.5 Organizational Controls Implementation Guide
- ISMS Implementation Roadmap
- A.5 Organizational Controls Audit Guide
- A.6 People Controls Audit Guide
- A.7 Physical Controls Audit Guide
- A.8 Technological Controls Audit Guide
- Internal Audit Execution Guide
- A.5 Controls Implementation Audit Risk Mapping
- A.6 People Controls Implementation Audit Risk Mapping
- A.7 Physical Controls Implementation Audit Risk Mapping
- A.8 Technological Controls Implementation Audit Risk Mapping
- ISO 27001 Implementer Auditor ISO 27005 Mapping
- ISO 27001 Knowledge Base
- ISO 27001 Requirements to Implementation and Audit Map
- Asset Threat Vulnerability Risk Control Evidence Data Model
- Template - Corrective Action Tracker
- Template - Evidence Request List
- Template - Internal Audit Interview Question Bank
- Audit Evidence Index
- ISO 27001 Overview
- Templates MOC