1 Access Control
Means to ensure that access to assets is authorized and restricted based on business and security requirements.
3.2 Analytical Model
Algorithm or calculation that combines one or more base measures (3.10) or derived measures (3.22), following the decision criteria associated with them.
3.3 Attack
Attempt to destroy, expose, alter, disable, steal, or gain unauthorized access to or make unauthorized use of an asset.
3.4 Attribute
Property or characteristic of an object (3.55) that can be distinguished quantitatively or qualitatively by human or automated means.
[Adapted from ISO/IEC 15939:2007]
3.5 Audit
Systematic, independent and documented process (3.61) for obtaining audit evidence and evaluating it objectively to determine the extent to which the criteria are fulfilled
NOTE 1: An audit can be internal (first party) or external (second or third party), and it can be combined (combining two or more disciplines).
NOTE 2: "Audit evidence" and "audit criteria" are defined in ISO 19011.
Extent and boundaries of an audit (3.5).
[ISO 19011:2011]
3.7 Authentication
Provision of assurance that the characteristics an entity claims for itself are correct.
3.8 Authenticity
Property that an entity is what it claims to be.
3.9 Availability
Property of being accessible and ready for use upon demand by an authorized entity.
[ISO/IEC 15939:2007]
NOTE: A base measure is functionally independent of other measures.
3.11 Competence
Ability to apply knowledge and skills to achieve intended results.
3.12 Confidentiality
Property of information whereby it is kept inaccessible and is not disclosed to unauthorized individuals, entities or processes (3.61).
3.13 Conformity
Fulfilment of a requirement (3.63).
ISO 27001 INTERNAL AUDITOR / LEAD AUDITOR (I27001IA/LA)
3.14 Consequence
Outcome of an event (3.25) that affects objectives (3.56).
[ISO Guide 73:2009]
NOTE 1: An event can lead to a range of consequences.
NOTE 2: A consequence can be certain or uncertain and, in the context of information security, is usually negative.
NOTE 3: Consequences can be expressed qualitatively or quantitatively.
NOTE 4: Initial consequences can turn into chain reactions.
3.15 Continual Improvement
Recurring activity to enhance performance (3.59).
3.16 Control
Measure that modifies risk (3.68).
[ISO Guide 73:2090]
NOTE 1: Controls include any process, policy, device, practice, or other actions that modify risk.
NOTE 2: Controls may not always deliver the intended or assumed modifying effect.
3.17 Control Objective
Statement describing what is to be achieved as a result of implementing controls (3.16).
3.18 Correction
Action to eliminate a detected nonconformity (3.53).
3.19 Corrective Action
Action to eliminate the cause of a nonconformity (3.53) and to prevent it from recurring.
3.20 Data
Collection of values assigned to base measures (3.10), derived measures (3.22) and/or indicators (3.30).
[ISO/IEC 15939:2007]
3.23 Documented Information
Information that an organization (3.57) is required to control and maintain, and the medium on which it is contained.
NOTE 1: Documented information can be in any format and medium, and can come from any source.
NOTE 2: Documented information can refer to:
• The management system (3.46), including related processes (3.61).
• Information created in order for the organization to operate (documentation).
• Evidence of results achieved (records).
3.24 Effectiveness
Extent to which planned activities are carried out and planned results are achieved.
3.25 Event
Occurrence or change of a particular set of circumstances.
[Equivalent to "suceso" ("event") in ISO Guide 73:2009]
NOTE 1: An event can be a single occurrence or can recur, and can have several causes.
NOTE 2: An event can consist of something that does not happen.
NOTE 3: An event can sometimes be referred to as an "incident" or an "accident".
NOTE: Executive management is sometimes called top management and can include chief executive officers, chief financial officers, chief information officers and similar roles.
[ISO Guide 73:2009]
NOTE: The external environment can include:
• The cultural, social, political, legal, regulatory, financial, technological, economic, natural and competitive environment, whether international, national, regional or local.
• The factors and trends that have an impact on the objectives (3.56) of the organization (3.57).
• The relationships with external interested parties (3.82), and their perceptions and values.
NOTE: In some jurisdictions, the governing body can be a board of directors.
3.30 Indicator
Measure (3.47) that provides an estimate or evaluation of specified attributes (3.4), using an analytical model (3.2), to satisfy defined information needs (3.31).
[ISO/IEC 15939:2007]
NOTE: It can also cover other properties, such as authenticity (3.8), accountability, non-repudiation (3.54) and reliability (3.62).
3.34 Information Security Continuity
Processes (3.61) and procedures for ensuring the continuity of activities related to information security (3.33).
3.37 Information Security Incident Management
Processes (3.61) for detecting, reporting, assessing, responding to, dealing with, and learning from information security incidents (3.36).
3.38 Information Sharing Community
Group of organizations that agree to share information.
NOTE: An organization can be an individual.
information.
3.40 Integrity
Property of accuracy and completeness.
[ISO Guide 73:2009]
NOTE: The internal context can include:
• Governance, the structure of the organization, roles and accountabilities.
• The policies, the objectives and the strategies established to achieve them.
• Capabilities, understood in terms of resources and knowledge (for example, capital, time, people, processes, systems and technologies).
• Information systems, information flows and decision-making processes (both formal and informal).
• The relationships, perceptions and values of internal interested parties.
• The culture of the organization.
• The standards, guidelines and models adopted by the organization.
• The form and extent of contractual relationships.
[ISO Guide 73:2009]
NOTE 1: A management system can address a single discipline or several disciplines.
NOTE 2: The elements of the system include the structure of the organization, roles and responsibilities, planning, operation, etc.
NOTE 3: The scope of a management system can include the whole of the organization, specific and identified functions of the organization, specific and identified sections of the organization, or one or more functions across a group of organizations.
3.47 Measure
Variable to which a value is assigned as the result of a measurement (3.48).
[ISO/IEC 15939:2007]
NOTE: The term "measures" is used to refer collectively to base measures, derived measures, and indicators.
3.48 Measurement
Process (3.61) to determine a value.
[ISO/IEC 15939:2007]
NOTE: The type of measurement method depends on the nature of the operations used to quantify an attribute. Two types can be distinguished:
• Subjective: Quantification is based on human judgement.
• Objective: Quantification is based on numerical rules.
3.52 Monitoring
Determining the status of a system, a process (3.61) or an activity.
NOTE: To determine the status, it may be necessary to check, supervise or critically observe.
3.53 Nonconformity
Non-fulfilment of a requirement (3.63).
3.54 Non-repudiation
Ability to corroborate the truth of a claim that a certain event occurred or that a certain action was performed by the entities that originated it.
3.55 Object
Item characterized through the measurement (3.48) of its attributes (3.4).
3.56 Objective
Result to be achieved.
NOTE 1: An objective can be strategic, tactical or operational.
NOTE 2: Objectives can relate to different disciplines (such as financial, health and safety, and environmental) and can apply at different levels (such as strategic, organization-wide, project, product and process (3.61)).
NOTE 4: In the context of information security management systems, the organization sets information security objectives, consistent with the information security policy, to achieve specific results.
3.57 Organization
Person or group of people that has its own functions with responsibilities, authorities and relationships to achieve its objectives (3.56).
NOTE: The concept of organization includes, but is not limited to, sole traders, companies, corporations, firms, authorities, associations, etc., in whole, in part, or in combination, whether public or private.
3.58 Outsource (verb)
Make an arrangement whereby an external organization (3.57) performs part of an organization's function or process (3.61).
NOTE 1: An external organization is outside the scope of the management system (3.46), although the outsourced function or process is within the scope.
3.59 Performance
Measurable result.
NOTE 1: Performance can relate to quantitative or qualitative findings.
NOTE 2: Performance can relate to the management of activities, processes (3.61), products (including services), systems or organizations (3.57).
3.60 Policy
Intentions and direction of an organization (3.57), as formally expressed by its top management (3.84).
3.61 Process
Set of interrelated or interacting activities that transforms inputs into outputs.
3.62 Reliability
Property of consistency in intended behaviour and results.
3.63 Requirement
Need or expectation that is stated, generally implied or obligatory.
NOTE 1: "Generally implied" means that it is custom or common practice for the organization and interested parties that the need or expectation under consideration is implied.
NOTE 2: A specified requirement is one that is stated, for example, in documented information.
NOTE 1: Residual risk can contain unidentified risks.
NOTE 2: Residual risk can also be known as "retained risk".
3.65 Review
Activity undertaken to determine the suitability, adequacy and effectiveness (3.24) of the subject matter in achieving established objectives.
[ISO Guide 73:2009]
3.67 Review Objective
Statement describing what is to be achieved as a result of a review.
3.68 Risk
Effect of uncertainty on the achievement of objectives.
[ISO Guide 73:2009]
NOTE 1: An effect is a deviation, positive and/or negative, from the expected.
NOTE 2: Uncertainty is the state, even partial, of deficiency of information related to the understanding or knowledge of an event (3.25), its consequences (3.14) or its likelihood (3.45).
NOTE 3: Risk is often characterized by reference to potential events (3.25) and their consequences (3.14), or a combination of both.
NOTE 5: In the context of an information security management system, information security risks can be expressed as the effect of uncertainty on information security objectives.
NOTE 6: Information security risk is associated with the possibility that threats (3.83) will exploit vulnerabilities (3.89) of an information asset or group of information assets and cause harm to an organization.
3.69 Risk Acceptance
Informed decision to take a particular risk (3.68).
[ISO Guide 73:2009]
NOTE 2: Accepted risks are subject to monitoring (3.52) and review (3.65).
[ISO Guide 73:2009]
NOTE 2: Risk analysis includes risk estimation.
[ISO Guide 73:2009]
NOTE 1: The information can relate to the existence, nature, form, likelihood, significance, evaluation, acceptability and treatment of risk management.
NOTE 2: Consultation is a two-way process of informed communication between an organization and its interested parties on an issue, prior to making a decision or determining a direction on that issue. Consultation is:
• A process that impacts on a decision through influence rather than authority.
• An input to decision making, not joint decision making.
3.73 Risk Criteria
Terms of reference against which the significance of a risk (3.68) is evaluated.
[ISO Guide 73:2009]
NOTE 1: Risk criteria are based on the organization's objectives and on the external and internal context.
NOTE 2: Risk criteria can be derived from standards, laws, policies and other requirements.
[ISO Guide 73:2009]
3.75 Risk Identification
Process comprising the finding, recognition and description of risks (3.68).
[ISO Guide 73:2009]
NOTE 1: Risk identification involves the identification of risk sources, events, their causes and their potential consequences.
3.76 Risk Management
Coordinated activities to direct and control an organization (3.57) with regard to risk (3.68).
[ISO Guide 73:2009]
3.77 Risk Management Process
Systematic application of management policies, procedures and practices to the activities of communicating, consulting, establishing the context, and identifying, analysing, evaluating, treating, monitoring and reviewing risk (3.68).
[ISO Guide 73:2009]
NOTE: ISO/IEC 27005 uses the term "process" to describe risk management overall. The elements within the risk management process are referred to as "activities".
3.78 Risk Owner
Person or entity with the accountability and authority to manage a risk (3.68).
[ISO Guide 73:2009]
NOTE 1: Risk treatment can involve:
• Avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk.
• Accepting or increasing the risk in order to pursue an opportunity.
• Removing the risk source.
• Changing the likelihood.
• Changing the consequences.
• Sharing the risk with another party or parties (including contracts and risk financing).
• Retaining the risk on the basis of an informed decision.
NOTE 2: Risk treatments directed at negative consequences are sometimes referred to as "risk mitigation", "risk elimination", "risk prevention" and "risk reduction".
NOTE 3: Risk treatment can create new risks or modify existing risks.
3.80 Scale
Ordered set of values, continuous or discrete, or a set of categories to which the attribute (3.4) is assigned.
[ISO/IEC 15939:2007]
NOTE: The type of scale depends on the nature of the relationship between the values on the scale. Four types of scale are commonly identified:
1. Nominal: The measurement values are categories.
2. Ordinal: The measurement values are ordered categories.
3. Interval: The measurement values correspond to ranges of quantitative values of the attribute.
4. Ratio: The measurement values are relative and proportional to the value of another attribute, with the value zero corresponding to the zero value of the attribute.
These are only examples of scale types.
3.81 Security Implementation Standard
Document specifying the authorized ways of satisfying security needs.
[ISO/IEC 73:2009]
3.83 Threat
Potential cause of an unwanted incident, which can result in harm to a system or an organization.
3.84 Top Management
Person or group of people who direct and control an organization (3.57) at the highest level.
NOTE 1: Top management has the power to delegate authority and provide resources within the organization.
NOTE 2: If the scope of the management system (3.46) covers only part of an organization, then "top management" refers to those who direct and control that part of the organization.
3.85 Trusted Information Communication Entity
Independent organization that supports the exchange of information within an information sharing community.
[ISO/IEC 15939:2007]
3.87 Validation
Confirmation, through the provision of objective evidence, that the requirements for a specific intended use or application have been fulfilled.
[ISO/IEC 9000:2005]
3.88 Verification
Confirmation, through the provision of objective evidence, that specified requirements have been fulfilled.
[ISO/IEC 9000:2005]
NOTE: It could also be called conformity testing.
3.89 Vulnerability
Weakness of an asset or of a control (3.16) that can be exploited by one or more threats (3.83).
3.90 Information
Any form of electronic, optical, magnetic or other-media record that can be processed, distributed and stored.
3.91 Asset
Anything of value to the organization, whether tangible or intangible, that needs to be protected, including personnel, hardware, software, services, infrastructure, documents and data, among others.
ISO 19011 Audit Module
ISO 19011:2018
This standard provides guidance for all sizes and types of organizations and for audits of varying scopes and scales, including those conducted by large audit teams, typically of larger organizations, and those conducted by single auditors, whether in large or small organizations. This guidance should be adapted as appropriate to the scope, complexity and scale of the audit programme.
Foreword.
Introduction.
1. Scope.
2. Normative references.
3. Terms and definitions.
4. Principles of auditing.
5. Managing an audit programme.
6. Conducting an audit.
7. Competence and evaluation of auditors.
Annex.
Bibliography.
Scope of ISO 19011:2018
This document provides guidance on auditing management systems, including the principles of auditing, managing an audit programme and conducting management system audits, as well as guidance on evaluating the competence of the people involved in the audit process.
These activities include the people who manage the audit programme, auditors and audit teams.
It is applicable to all organizations that need to plan and conduct internal or external audits of management systems, or to manage an audit programme.
Applying this document to other types of audit is possible, provided that special consideration is given to the specific competence needed.
Audit
Systematic, independent and documented process for obtaining objective evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled.
Note 1: Internal audits, sometimes called first-party audits, are conducted by, or on behalf of, the organization itself.
Note 2: External audits include those generally called second- and third-party audits. Second-party audits are conducted by parties that have an interest in the organization, such as customers, or by other persons on their behalf. Third-party audits
Types of Audit
• Internal audits: sometimes called first-party audits, they are conducted by, or on behalf of, the organization itself.
• External audits include those generally called second- and third-party audits.
Audit Criteria
Set of requirements used as a reference against which objective evidence is compared.
Note 1: If the audit criteria are legal (including statutory or regulatory requirements), the words "compliance" or "non-compliance" are often used in an audit conclusion.
Note 2: Requirements can include policies, procedures, work instructions, legal requirements, contractual obligations, etc.
Audit Evidence
Objective evidence is data that supports the existence or truth of something.
Note 1: Objective evidence can be obtained through observation, measurement, testing or by other means.
Note 2: Objective evidence for the purpose of the audit generally consists of records, statements of fact or other information that are relevant to the audit criteria and verifiable.
Audit Results
The results of evaluating the collected audit evidence against the audit criteria.
Note 1: Audit findings indicate conformity or nonconformity.
Note 2: Audit findings can lead to the identification of risks, opportunities for improvement or the recording of good practices.
• Finding of compliance.
• Requirements (standard, legal, regulatory, contractual).
• The item meets the requirement.
• The implementation matches the intent.
• The implementation is effective.
Best practices:
• Verify verbal statements of fact.
• Define the nature of the nonconformity with the auditee, detailing the audit evidence.
• Take notes and consult them afterwards to write the report.
• Draft an outline of the findings report while gathering information.
• At the end of each day, finish with the private review.
Audit Client
Organization or person requesting an audit.
Note 1: In the case of an internal audit, the audit client can also be the auditee or the person(s) managing the audit programme. Requests for an external audit can come from sources such as regulators, contracting parties, or potential or existing clients.
Auditee
Organization as a whole, or parts thereof, being audited.
Auditor
Person who conducts an audit.
Audit Team
One or more persons conducting an audit, supported if needed by technical experts.
Note 1: One auditor of the audit team is appointed as the audit team leader.
Note 2: The audit team can include auditors-in-training.
Technical Expert
Person who provides specific knowledge or expertise to the audit team.
Note 2: A technical expert in the audit team does not act as an auditor.
Observer
Individual who accompanies the audit team but does not act as an auditor.
Audit Programme Guide
Audit Scope
Audit scope refers to the extent and boundaries of an audit.
The audit scope generally includes a description of the physical and virtual locations, functions, organizational units, activities and processes, as well as the time period covered.
A virtual location is where an organization performs work or provides a service using an online environment that allows people, irrespective of physical locations, to execute processes.
Audit Plan
Description of the activities and arrangements for an audit.
Conformity: Fulfilment of a requirement.
Nonconformity: Non-fulfilment of a requirement.
Audit Methods
Clause 4: Principles of Auditing
1. Integrity: the foundation of professionalism.
2. Fair presentation: the obligation to report truthfully and accurately.
3. Due professional care: the application of diligence and judgement in auditing.
4. Confidentiality: security of information.
5. Independence: the basis for the impartiality of the audit and the objectivity of the audit conclusions.
6. Evidence-based approach: the rational method for reaching reliable and reproducible audit conclusions in a systematic audit process.
7. Risk-based approach: an audit approach that considers risks and opportunities.
Auditors and the person(s) managing an audit programme should:
• Perform their work ethically, with honesty and responsibility.
• Only undertake audit activities if competent to do so.
• Perform their work in an impartial manner, that is, remain fair and unbiased in all their dealings.
• Be sensitive to any influences that may be exerted on their judgement while carrying out an audit.
Auditors should exercise due care in accordance with the importance of the task they perform and the confidence placed in them by the audit client and other interested parties. An important factor in carrying out their work with due professional care is having the ability to make reasoned judgements in all audit situations.
Confidentiality: security of information.
Auditors should exercise discretion in the use and protection of information acquired in the course of their duties. Audit information should not be used inappropriately for personal gain by the auditor or the audit client, or in a manner detrimental to the legitimate interests of the auditee. This concept includes the proper handling of sensitive or confidential information.
Independence: the basis for the impartiality of the audit and the objectivity of the audit conclusions.
Auditors should be independent of the activity being audited wherever practicable, and should in all cases act in a manner that is free from bias and conflict of interest. For internal audits, auditors should be independent of the function being audited, if possible. Auditors should maintain objectivity throughout the audit process to ensure that the audit findings and conclusions are based only on the audit evidence.
For small organizations, it may not be possible for internal auditors to be fully independent of the activity being audited, but every effort should be made to remove bias and encourage objectivity.
Evidence-based approach: the rational method for reaching reliable and reproducible audit conclusions in a systematic audit process.
Audit evidence should be verifiable. In general, it should be based on samples of the information available, since an audit is conducted during a finite period of time and with limited resources. An appropriate use of sampling should be applied, since this is closely related to the confidence that can be placed in the audit conclusions.
The risk-based approach should substantively influence the planning, conducting and reporting of audits, to ensure that audits are focused on matters that are significant for the audit client and for achieving the audit programme objectives.
Clause 5: Audit Programme
NOTE 1: This figure illustrates the application of Plan-Do-Check-Act in this document.
NOTE 2: The clause/subclause numbering refers to the relevant clauses/subclauses of this document.
Figure 1: Process flow for the management of an audit programme.
Clause 7: Personal Attributes