Iso 27001 PRT4

3.
1 Control de Acceso
;7bovr-u--v;]u-ut;;Ѵ-11;vo-Ѵov-1ঞov;v|࢙-|oub-7ou;v|ubm]b7o;m=m1bॕm7;Ѵov
u;tbvb|ov7;m;]o1bo7;v;]ub7-7ĺ
ƒĺƑo7;Ѵom-Ѵझঞ1o
Ѵ]oub|loo1࢙Ѵ1Ѵot;1ol0bm-m-ol࢙vmedidas básicasŐƒĺƐƏőoderivadasŐƒĺƑƑővb]b;m7oѴov
1ub|;ubov7;7;1bvbॕm-vo1b-7ov-Ѵ-vlbvl-vĺ
3.3 Ataque
$;m|-ঞ-7;7;v|ubuķ;rom;uķ-Ѵ|;u-uķbm_-0bѴb|-uķuo0-uo-11;7;uvbm-|oub-1bॕmo_-1;umvomo
-|oub-7o7;m-1ঞoĺ
3.4 Atributo
uorb;7-7o1-u-1|;uझvঞ1-7;mobjetoŐƒĺƔƔőt;;v1-mঞ|-ঞ-o1-Ѵb|-ঞ-l;m|;7bvঞm]b0Ѵ;
roul;7bov_l-movo-|ol࢙ঞ1ovĺ
Œ7-r|-7-7;"ņ ƐƔƖƒƖĹƑƏƏƕœ
3.5 Auditoría
ProcesoŐƒĺѵƐővbv|;l࢙ঞ1oķbm7;r;m7b;m|;7o1l;m|-7or-u-o0|;m;u;b7;m1b-v7;-7b|ouझ-
;-Ѵ-uѴ-v7;l-m;u-o0f;ঞ-1om;ѴCm7;7;|;ulbm-u;Ѵ]u-7o;m;Ѵt;v;1lrѴ;mѴov1ub|;ubov
ISO 27001 INTERNAL AUDITOR / LEAD AUDITOR (I27001IA/LA)

7;-7b|ouझ-ĺ
$ƐĹ&m--7b|ouझ-r;7;v;ubm|;um-Ő7;rubl;u-r-u|;őķo;|;um-Ő7;v;]m7-o|;u1;u-r-u|;őķ
r;7;v;u1ol0bm-7-Ő1ol0bm-m7o7ovol࢙v7bv1brѴbm-vőĺ
$ƑĹľ b7;m1b-7;-7b|ouझ-Ŀľ1ub|;ubov7;-7b|ouझ-Ŀv;7;Cm;m;mѴ-oul-"ƐƖƏƐƐĺ
3.6 Alcance de la Auditoría
|;mvbॕmѴझlb|;v7;m--7b|ouझ-ŐƒĺƔőĺ
Œ"ƐƖƏƐƐĹƑƏƐƐœ
ƒĺƕ|;mঞ1-1bॕm
rou|-1bॕm7;]-u-mঠ-v7;t;vom1ouu;1|-vѴ-v1-u-1|;uझvঞ1-vt;m-;mঞ7-7u;bbm7b1-r-u-vझ
lbvl-ĺ
61
ƒĺѶ|;mঞ1b7-7
uorb;7-71omvbv|;m|;;mt;m-;mঞ7-7;vѴot;7b1;v;uĺ
3.9 Disponibilidad
uorb;7-77;v;u-11;vb0Ѵ;;v|-uѴbv|or-u-vvoo7;l-m7-7;m-;mঞ7-7-|oub-7-ĺ
3.10 Medida Básica

MedidaŐƒĺƓƕő7;Cmb7-roul;7bo7;matributoŐƒĺƓő;Ѵl࣐|o7or-u-1-mঞC1-uѴoĺ
Œ"ņ ƐƔƖƒƖĹƑƏƏƕœ
$Ĺ&m-l;7b7-0࢙vb1-;v=m1bom-Ѵl;m|;bm7;r;m7b;m|;7;o|u-vl;7b7-vĺ
3.11 Competencia
-r-1b7-7r-u--rѴb1-u1omo1blb;m|ov_-0bѴb7-7;v1om;ѴCm7;Ѵo]u-uѴovu;vѴ|-7ovru;bv|ovĺ
ƒĺƐƑomC7;m1b-Ѵb7-7
uorb;7-77;Ѵ-bm=oul-1bॕmrouѴ-t;v;l-mঞ;m;bm-11;vb0Ѵ;mov;u;;Ѵ--bm7bb7ovķ
;mঞ7-7;voprocesosŐƒĺѵƐőmo-|oub-7ovĺ
3.13 Conformidad
lrѴblb;m|o7;mrequisitoŐƒĺѵƒőĺ
3.14 Consecuencia
!;vѴ|-7o7;msucesoŐƒĺƑƔőt;-=;1|--Ѵovo0f;ঞovŐƒĺƔѵőĺ
Œझ-"ƕƒĹƑƏƏƖœ
$ƐĹ&mv1;vor;7;1om71bu-m-v;ub;7;1omv;1;m1b-vĺ
$ƑĹ&m-1omv;1;m1b-r;7;v;u1b;u|-obm1b;u|-moul-Ѵl;m|;;vm;]-ঞ-;m;Ѵ1om|;|o7;
Ѵ-v;]ub7-77;Ѵ-bm=oul-1bॕmĺ
$ƒĹ-v1omv;1;m1b-vv;r;7;m;ru;v-u7;=oul-1-Ѵb|-ঞ-o1-mঞ|-ঞ-ĺ
$ƓĹ-v1omv;1;m1b-vbmb1b-Ѵ;vr;7;m1om;uঞuv;;mu;-11bom;v;m1-7;m-ĺ
ƒĺƐƔ;fou-omঞm-
1ঞb7-7u;1uu;m|;r-u-l;fou-u;ѴdesempeñoŐƒĺƔƖőĺ
62
3.16 Control
;7b7-t;lo7bC1-mriesgoŐƒĺѵѶőĺ
Œ"झ-ƕƒĹƑƏƖƏœ
$ƐĹov1om|uoѴ;vbm1Ѵ;m1-Ѵtb;uruo1;voķroѴझঞ1-ķ7bvrovbঞoķru࢙1ঞ1-ķo|u-v-11bom;v
t;lo7bCt;mmub;v]oĺ
$ ƑĹ ov 1om|uoѴ;v mo vb;lru; r;7;m ruorou1bom-u ;Ѵ ;=;1|o 7; lo7bC1-1bॕm ru;bv|o o
-vlb7oĺ
ƒĺƐƕ0f;ঞo7;om|uoѴ
;1Ѵ-u-1bॕmt;7;v1ub0;Ѵot;v;tb;u;Ѵo]u-u1olou;vѴ|-7o7;Ѵ-blrѴ;l;m|-1bॕm7;controles
ŐƒĺƐѵőĺ
3.18 Corrección
11bॕmr-u-;Ѵblbm-um-no conformidadŐƒĺƔƒő7;|;1|-7-ĺ
ƒĺƐƖ11bॕmouu;1ঞ-
11bॕmr-u-;Ѵblbm-uѴ-1-v-7;m-no conformidad ŐƒĺƔƒőru;;mbut;;Ѵ--o1uubuĺ
3.20 Datos
omfm|o7;-Ѵou;v-vo1b-7ov-medidas básicasŐƒĺƐƏőķ medida derivadasŐƒĺƑƑőņo indicadores
ŐƒĺƒƏőĺ

$Ĺ v|-7;Cmb1bॕmvoѴov;-rѴb1-;m;Ѵ1om|;|o7;Ѵ-oul-"ņ ƑƕƏƏƓĹƑƏƏƖĺ
3.21 Criterios de Decisión

&l0u-Ѵ;vķo0f;ঞovor-|uom;vt;v;ঞѴb-mr-u-7;|;ulbm-uѴ-m;1;vb7-77;m--11bॕmo7;m-
l-oubm;vঞ]-1bॕmķor-u-7;v1ub0bu;Ѵmb;Ѵ7;1omC-m-;mmu;vѴ|-7o7;|;ulbm-7oĺ
3.22 Medida Derivada

Medida ŐƒĺƓƕőt;v;7;Cm;;m=m1bॕm7;7ovol࢙v-Ѵou;v7;l;7b7-v0࢙vb1-vŐƒĺƐƏőĺ
63
3.23 Información Documentada
m=oul-1bॕmt;m-organizaciónŐƒĺƔƕőঞ;m;t;1om|uoѴ-ul-m|;m;uķ;Ѵl;7bo;m;Ѵt;;v|࢙
1om|;mb7-ĺ
$ƐĹ-bm=oul-1bॕm7o1l;m|-7-r;7;;v|-u;m1-Ѵtb;u=oul-|ol;7boķr;7;ruo;mbu
7;1-Ѵtb;u=;m|;ĺ
$ƑĹ-bm=oul-1bॕm7o1l;m|-7-r;7;_-1;uu;=;u;m1b--Ĺ
վ Ѵsistema de gestiónŐƒĺƓѵőķbm1Ѵb7ovѴovprocesosŐƒĺѵƐőu;Ѵ-1bom-7ovĺ
վ -bm=oul-1bॕm1u;-7-r-u-t;Ѵ-ou]-mb-1bॕmor;u;Ő7o1l;m|-1bॕmőĺ
վ -;b7;m1b-7;Ѵovu;vѴ|-7ov-Ѵ1-m-7ovŐu;]bv|uovőĺ
ƒĺƑƓ C1-1b-
u-7o;m;Ѵ1-Ѵv;u;-Ѵb-mѴ-v-1ঞb7-7;vrѴ-mbC1-7-vv;Ѵo]u-mѴovu;vѴ|-7ovrѴ-mbC1-7ovĺ
3.25 Evento
1uu;m1b-o1-l0bo7;m1omfm|or-uঞ1Ѵ-u7;1bu1mv|-m1b-vĺ
Œ tb-Ѵ;m|;-ľv1;voĿ;mझ-"ƕƒĹƑƏƏƖœ
NOTA 1:&m;;m|or;7;v;uিmb1oou;r;ঞuv;ķv;r;7;7;0;u--ub-v1-v-vĺ
NOTA 2:&m;;m|or;7;1omvbvঞu;m-Ѵ]ot;mov;ѴѴ;]--ruo71buĺ
NOTA 3:Ѵ]m-v;1;vķm;;m|ov;r;7;1-ѴbC1-u1olomľbm1b7;m|;Ŀomľ-11b7;m|;Ŀĺ
ƒĺƑѵ bu;11bॕm f;1ঞ-

;uvom-o]uro7;r;uvom-;mѴ-Ővőt;Ѵovórganos de gobiernoŐƒĺƑƖő_-m7;Ѵ;]-7oѴ-u;vromv-0bѴb7-7
7;blrѴ;l;m|-u;v|u-|;]b-vroѴझঞ1-vr-u--Ѵ1-m-uѴ-lbvbॕm7;Ѵ-organizaciónŐƒĺƔƕőĺ
$Ĺ-7bu;11bॕm;f;1ঞ--;1;vv;ѴѴ-l--Ѵ|-7bu;11bॕmr;7;bm1Ѵbu7bu;1|ou;v];m;u-Ѵ;vķ
7bu;1|ou;vCm-m1b;uovķ7bu;1|ou;v7;Ѵ-bm=oul-1bॕmo|uovuoѴ;vvblbѴ-u;vĺ
3.27 Contexto Externo

m|oumo;|;umo;m;Ѵt;Ѵ-ou]-mb-1bॕm0v1--Ѵ1-m-uvvo0f;ঞovĺ
$Ĺ Ѵ;m|oumo;|;umor;7;bm1ѴbuĹ
64
վ Ѵ;m|oumo1Ѵ|u-Ѵķvo1b-ѴķroѴझ|b1oķѴ;]-Ѵķu;]Ѵ-|ouboķ=bm-m1b;uoķ|;1moѴॕ]b1oķ;1omॕlb1oķm-|u-Ѵ
1olr;|b|boķ-mb;Ѵbm|;um-1bom-Ѵķm-1bom-Ѵķu;]bom-ѴoѴo1-Ѵĺ
վ ov =-1|ou;v Ѵ-v |;m7;m1b-v t; |;m]-m blr-1|o vo0u; Ѵov objetivos ŐƒĺƔѵő 7; Ѵ- organización
ŐƒĺƔƕőĺ
վ Las relaciones con las partes interesadas;|;um-vŐƒĺѶƑőķvvr;u1;r1bom;vvv-Ѵou;vĺ
3.28 Gobernanza de la Seguridad de la Información

omfm|o7;rubm1brbovprocesosŐƒĺѵƐől;7b-m|;Ѵov1-Ѵ;vm-organizaciónŐƒĺƔƕő7bub];
vr;ubv-Ѵ-v-1ঞb7-7;vu;Ѵ-1bom-7-v1omѴ-v;]ub7-77;Ѵ-bm=oul-1bॕmĺ
3.29 Órgano de Gobierno

omfm|o 7; r;uvom-v t; u;vrom7;m ubm7;m 1;m|-v 7;Ѵ desempeño ŐƒĺƔƖő 7; Ѵ- organización
ŐƒĺƔƕőĺ
$Ĺ m-Ѵ]m-vfubv7b11bom;vķ;Ѵॕu]-mo7;]o0b;umor;7;v;u;Ѵ1omv;fo7;-7lbmbv|u-1bॕmĺ
3.30 Indicador
MedidaŐƒĺƓƕőt;ruorou1bom-m-;vঞl-1bॕmom-;-Ѵ-1bॕm7;7;|;ulbm-7ov-|ub0|ovŐƒĺƓő
v-m7omlo7;Ѵo-m-Ѵझঞ1oŐƒĺƑőr-u-v-ঞv=-1;um-v7;|;ulbm-7-vnecesidades de información
ŐƒĺƒƐőĺ
3.31 Necesidades de Información

omo1blb;m|om;1;v-ubor-u-];vঞom-uѴovo0f;ঞovķѴ-vl;|-vķ;Ѵub;v]oѴovruo0Ѵ;l-vĺ

3.32 Recursos (instalaciones) de Tratamiento de Información
-Ѵtb;uvbv|;l-7;|u-|-lb;m|o7;Ѵ-bm=oul-1bॕmķv;ub1bovobm=u-;v|u1|u-ķoѴovѴ]-u;vࣱvb1ov
t;Ѵov-Ѵ0;u]-mĺ
3.33 Seguridad de la Información

u;v;u-1bॕm 7; Ѵ- 1omC7;m1b-Ѵb7-7 ŐƒĺƐƑőķ Ѵ- integridad ŐƒĺƓƏő Ѵ- disponibilidad ŐƒĺƖő 7; Ѵ-
bm=oul-1bॕmĺ
$Ĺ7b;m7oķ-7;l࢙vķ-0-u1-uo|u-vruorb;7-7;vķ1oloѴ--|;mঞ1b7-7ŐƒĺѶőķѴ-u;vromv-0bѴb7-7ķ
el no repudioŐƒĺƔƓőѴ-C-0bѴb7-7ŐƒĺѵƑőĺ
65
ƒĺƒƓomঞmb7-77;Ѵ-";]ub7-77;Ѵ-m=oul-1bॕm
ProcesosŐƒĺѵƐőruo1;7blb;m|ovr-u--v;]u-uѴ-1omঞmb7-77;Ѵ-v-1ঞb7-7;vu;Ѵ-1bom-7-v1omѴ-
seguridad de la informaciónŐƒĺƒƒőĺ
3.35 Evento o Suceso de Seguridad de la Información

1uu;m1b-7;|;1|-7-;m;Ѵ;v|-7o7;mvbv|;l-ķv;ub1boou;7t;bm7b1-m-rovb0Ѵ;boѴ-1bॕm
7;Ѵ-roѴझঞ1-7;v;]ub7-77;Ѵ-bm=oul-1bॕmķm=-ѴѴo7;Ѵov1om|uoѴ;vom-vb|-1bॕm7;v1omo1b7-
_-v|-;Ѵlol;m|ot;r;7;v;uu;Ѵ;-m|;r-u-Ѵ-v;]ub7-7ĺ
3.36 Incidente de Seguridad de la Información

;m|ovbm]Ѵ-uov;ub;7;eventos de la seguridad de la informaciónŐƒĺƒƔőķbm;vr;u-7ovomo
7;v;-7ovķt;ঞ;m;mm-ruo0-0bѴb7-7vb]mbC1-ঞ-7;1olruol;|;uѴ-vor;u-1bom;v7;Ѵm;]o1bo
7;-l;m--uѴ-seguridad de la informaciónŐƒĺƒƒőĺ
ƒĺƒƕ;vঞॕm7;m1b7;m|;v7;";]ub7-77;Ѵ-m=oul-1bॕm
ProcesosŐƒĺѵƐőr-u-Ѵ-7;|;11bॕmķmoঞC1-1bॕmķ;-Ѵ-1bॕmķu;vr;v|-ķ|u-|-lb;m|oķ-ru;m7b-f;7;
incidentes de la seguridad de la informaciónŐƒĺƒѵőĺ
ƒĺƒѶoѴ;1ঞot;olr-u|;m=oul-1bॕm
uro7;ou]-mb-1bom;vt;-1;u7-m1olr-uঞubm=oul-1bॕmĺ
$Ĺ&m-ou]-mb-1bॕmr;7;v;umbm7bb7oĺ
3.39 Sistema de Información

rѴb1-1bom;vķv;ub1bovķ-1ঞov7;|;1moѴo]झ-v7;Ѵ-bm=oul-1bॕmo|uo1olrom;m|;vr-u-l-m;f-u
bm=oul-1bॕmĺ
3.40 Integridad
uorb;7-77;;-1ঞ|71olrѴ;ঞ|7ĺ
3.41 Parte Interesada

;uvom-organizaciónŐƒĺƔƕőt;r;7;-=;1|-uķ;v|-u-=;1|-7-ķor;u1b0but;;v|࢙-=;1|-7-rou
m-7;1bvbॕmo-1ঞb7-7ĺ
3.42 Contexto Interno

m|oumobm|;umo;m;Ѵt;Ѵ-ou]-mb-1bॕm0v1--Ѵ1-m-uvvo0f;ঞovĺ
$Ĺ Ѵ1om|;|obm|;umor;7;bm1ѴbuĹ
66
վ Ѵ]o0b;umoķѴ-;v|u1|u-7;Ѵ-ou]-mb-1bॕmķѴ-v=m1bom;vѴ-o0Ѵb]-1bॕm7;u;m7bu1;m|-vĺ
վ -vroѴझ|b1-vķѴovo0f;|bovѴ-v;v|u-|;]b-vt;v;;v|-0Ѵ;1;mr-u-1omv;]buѴoĺ
վ -v1-r-1b7-7;vķ;m|;m7b7-v;m|࣐ulbmov7;u;1uvov1omo1blb;m|ovŐrou;f;lrѴoķ1-rb|-Ѵķ|b;lroķ
r;uvom-vķruo1;vovķvbv|;l-v|;1moѴo]झ-vőĺ
վ ovvbv|;l-v7;bm=oul-1bॕmķѴov=Ѵfov7;bm=oul-1bॕmѴovruo1;vov7;|ol-7;7;1bvbom;vŐ|-m|o
=oul-Ѵ;v1olobm=oul-Ѵ;vőĺ
վ -vu;Ѵ-1bom;vķr;u1;r1bom;vѴov-Ѵou;v7;Ѵ-vr-u|;vbm|;u;v-7-vbm|;um-vĺ
վ -1Ѵ|u-7;Ѵ-ou]-mb-1bॕmĺ
վ -vmoul-vķѴ-v7bu;1|ub1;vѴovlo7;Ѵov-7or|-7ovrouѴ-ou]-mb-1bॕmĺ
վ -=oul--lrѴb|77;Ѵ-vu;Ѵ-1bom;v1om|u-1|-Ѵ;vĺ
3.43 Proyecto del SGSI

1ঞb7-7;v;v|u1|u-Ѵ;vѴѴ;-7-v-1-0oroum-ou]-mb-1bॕmŐƒĺƔƕőr-u-blrѴ;l;m|-um""ĺ
3.44 Nivel de Riesgo

-]mb|77;mriesgoŐƒĺѵѶőo1ol0bm-1bॕm7;ub;v]ovķ;ru;v-7ov;m|࣐ulbmov7;Ѵ-1ol0bm-1bॕm
de las consecuenciasŐƒĺƐƓő7;vprobabilidadŐƒĺƓƔőĺ
3.45 Probabilidad (likehood)

ovb0bѴb7-77;t;-Ѵ]িm_;1_ov;ruo71-ĺ

ƒĺƓѵ"bv|;l-7;;vঞॕm
omfm|o 7; ;Ѵ;l;m|ov 7; m- organización ŐƒĺƔƕő bm|;uu;Ѵ-1bom-7ov o t; bm|;u-1|ি-m r-u-
;v|-0Ѵ;1;uroѴझঞ1-vŐƒĺѵƏőķo0f;ঞovŐƒĺƔѵőprocesosŐƒĺѵƐőr-u-Ѵo]u-u;v|ovo0f;ঞovĺ
$ƐĹ&mvbv|;l-7;];vঞॕmr;7;|u-|-um-voѴ-7bv1brѴbm-o-ub-v7bv1brѴbm-vĺ
$ ƑĹ ov ;Ѵ;l;m|ov 7;Ѵ vbv|;l- bm1Ѵ;m Ѵ- ;v|u1|u- 7; Ѵ-ou]-mb-1bॕmķ Ѵov uoѴ;v Ѵ-v
u;vromv-0bѴb7-7;vķѴ-rѴ-mbC1-1bॕmķѴ-or;u-1bॕmķ;|1ĺ
$ƒĹ Ѵ-Ѵ1-m1;7;mvbv|;l-7;];vঞॕmr;7;bm1ѴbuѴ-|o|-Ѵb7-77;Ѵ-ou]-mb-1bॕmķ
=m1bom;v;vr;1झC1-v;b7;mঞC1-7-v7;Ѵ-ou]-mb-1bॕmķv;11bom;v;vr;1झC1-v;b7;mঞC1-7-v
de laou]-mb-1bॕmķom-ol࢙v=m1bom;v7;m|uo7;m]uro7;ou]-mb-1bom;vĺ
67
3.47 Medida
(-ub-0Ѵ;-Ѵ-t;v;Ѵ;-vb]m-m-Ѵou1olou;vѴ|-7o7;m-mediciónŐƒĺƓѶőĺ
$Ĺ Ѵ|;ulbmoľl;7b7-vĿv;ঞѴb-r-u-_-1;uu;=;u;m1b-1omfm|-l;m|;-l;7b7-v7;0-v;ķ7;
Ѵ-v7;ub-7-vķ;bm7b1-7ou;vĺ
3.48 Medición
ProcesoŐƒĺѵƐőr-u-7;|;ulbm-um-Ѵouĺ
$Ĺ m;Ѵ1om|;|o7;seguridad de la informaciónŐƒĺƒƒőķ;Ѵruo1;vor-u-7;|;ulbm-um-Ѵou

u;tb;u; bm=oul-1bॕm vo0u; Ѵ- ;C1-1b- ŐƒĺƑƓő 7; m vbv|;l- 7; ];vঞॕm ŐƒĺƓѵő 7; v;]ub7-7 7; Ѵ-
bm=oul-1bॕmvv1ouu;vrom7b;m|;vcontrolesŐƒĺƐѵőঞѴb-m7ommétodo de mediciónŐƒĺƔƏőķm-
función de mediciónŐƒĺƓƖőķmlo7;Ѵo-m-Ѵझঞ1oŐƒĺƑőķmovcriterios de decisiónŐƒĺƑƐőĺ
3.49 Función de Medición

Ѵ]oub|loo1࢙Ѵ1Ѵou;-Ѵb-7or-u-1ol0bm-u7ovol࢙vmedidas básicasŐƒĺƐƏőĺ
3.50 Método de Medición

";1;m1b- Ѵॕ]b1- 7; or;u-1bom;vķ 7;v1ub|-v ];m࣐ub1-l;m|;ķ ঞѴb-7- ;m Ѵ- 1-mঞC1-1bॕm 7; m
atributoŐƒĺƓő1omu;vr;1|o-m-escalaŐƒĺѶƏő;vr;1bC1-7-ĺ
$Ĺ Ѵঞro7;l࣐|o7o7;l;7b1bॕm7;r;m7;7;Ѵ-m-|u-Ѵ;-7;Ѵ-vor;u-1bom;vঞѴb-7-vr-u-
1-mঞC1-um-|ub0|oĺ";r;7;m7bvঞm]bu7ovঞrovĹ
վ "0f;|boĹ-1-m|b=b1-1bॕmv;0-v-;m;Ѵfb1bo_l-moĺ
վ 0f;|boĹ-1-m|b=b1-1bॕmv;0-v-;mu;]Ѵ-vml࣐ub1-vĺ
3.51 Resultados de las Mediciones

&mool࢙vbm7b1-7ou;vŐƒĺƒƏővv1ouu;vrom7b;m|;vbm|;uru;|-1bom;vt;-0ou7-mm-m;1;vb7-7
7;bm=oul-1bॕmŐƒĺƒƐőĺ
68
3.52 Supervisión, Seguimiento o Monitorización (monitoring)
;|;ulbm-1bॕm7;Ѵ;v|-7o7;mvbv|;l-ķmprocesoŐƒĺѵƐőom--1ঞb7-7ĺ
$Ĺ -u- 7;|;ulbm-u ;Ѵ ;v|-7o r;7; v;u m;1;v-ubo ;ubC1-uķ vr;ubv-u o0v;u-u ;m =oul-
1uझঞ1-ĺ
3.53 No Conformidad
m1lrѴblb;m|o7;mrequisitoŐƒĺѵƒőĺ
3.54 No Repudio
-r-1b7-7r-u-1ouuo0ou-ut;;v1b;u|-Ѵ-u;bbm7b1-1bॕm7;t;o1uubॕm1b;u|ov1;voov;
u;-Ѵbॕm-1b;u|--11bॕmrour-u|;7;Ѵ-v;mঞ7-7;vt;Ѵooub]bm-uomĺ
3.55 Objeto
Ѵ;l;m|o1-u-1|;ub-7oroul;7bo7;Ѵ-l;7b1bॕmŐƒĺƓѶő7;vv-|ub0|ovŐƒĺƓőĺ
ƒĺƔѵ0f;ঞo
!;vѴ|-7o-Ѵo]u-u
$ƐĹ&mo0f;ঞor;7;v;u;v|u-|࣐]b1oķ|࢙1ঞ1oor;u-ঞoĺ
$ƑĹovo0f;ঞovr;7;mu;=;ubuv;-7b=;u;m|;v7bv1brѴbm-vŐ1oloCm-m1b;u-vķ7;v;]ub7-7
v-Ѵ7-l0b;m|-Ѵ;vőv;r;7;m-rѴb1-u;m7b=;u;m|;vmb;Ѵ;vŐ1olo;v|u-|࣐]b1ovķr-u-|o7-Ѵ-
ou]-mb-1bॕmķr-u-ruo;1|ovķruo71|ovprocesosŐƒĺѵƐőőĺ

$ƒĹ&mo0f;ঞov;r;7;;ru;v-u7;o|u-vl-m;u-vķrou;f;lrѴoķ1olomu;vѴ|-7oru;bv|oķ
mruorॕvb|oķm1ub|;uboor;u-ঞoķmo0f;ঞo7;v;]ub7-77;Ѵ-bm=oul-1bॕmķol;7b-m|;;Ѵvo
7;|࣐ulbmov1ommvb]mbC1-7ovblbѴ-uŐrou;f;lrѴoķCm-Ѵb7-7ol;|-őĺ
$ƓĹ m;Ѵ1om|;|o7;vbv|;l-v7;];vঞॕm7;Ѵ-v;]ub7-77;Ѵ-bm=oul-1bॕmķѴ-ou]-mb-1bॕm
;v|-0Ѵ;1;Ѵovo0f;ঞov7;Ѵ-v;]ub7-77;Ѵ-bm=oul-1bॕmķ;m1om1ou7-m1b-1omѴ-roѴझঞ1-7;
v;]ub7-77;Ѵ-bm=oul-1bॕmķr-u-Ѵo]u-uu;vѴ|-7ov;vr;1झC1ovĺ
3.57 Organización
;uvom-o]uro7;r;uvom-vt;ঞ;m;mvvruorb-v=m1bom;v1omu;vromv-0bѴb7-7;vķ-|oub7-7;v
u;Ѵ-1bom;vr-u-;ѴѴo]uo7;vvo0f;ঞovŐƒĺƔѵőĺ
$Ĺ Ѵ 1om1;r|o 7; ou]-mb-1bॕm bm1Ѵ;ķ r;uo mo v; Ѵblb|- -ķ ;lru;v-ubov mbr;uvom-Ѵ;vķ
;lru;v-vķ1ourou-1bom;vķCul-vķ-|oub7-7;vķ-vo1b-1bom;vķ;|1ĺķ;mvblbvl-vķr-u1b-Ѵl;m|;o]uro
7;;ѴѴ-vķv;-mrি0Ѵb1-vorub-7-vĺ
69
3.58 Contratar Externamente (verbo)
v|-0Ѵ;1;um-1;u7ol;7b-m|;;Ѵ1-Ѵm-organizaciónŐƒĺƔƕő;|;um-u;-Ѵb-r-u|;7;m-=m1bॕm
o procesoŐƒĺѵƐő7;m-ou]-mb-1bॕmĺ
$ƐĹ&m-ou]-mb-1bॕm;|;um-;v|࢙=;u-7;Ѵ-Ѵ1-m1;7;Ѵvbv|;l-7;];vঞॕmŐƒĺƓѵőķ-mt;Ѵ-
=m1bॕmoruo1;vo1om|u-|-7o;|;um-l;m|;=oul;r-u|;7;Ѵ-Ѵ1-m1;ĺ
3.59 Desempeño
!;vѴ|-7ol;7b0Ѵ;ĺ
$ƐĹ Ѵ7;v;lr;ोov;r;7;u;Ѵ-1bom-u1om_-ѴѴ-]ov1-mঞ|-ঞovo1-Ѵb|-ঞovĺ
$ƑĹ Ѵ7;v;lr;ोov;r;7;u;Ѵ-1bom-u1omѴ-];vঞॕm7;-1ঞb7-7;vķprocesosŐƒĺѵƐőķ
ruo71|ovŐbm1Ѵb7ovv;ub1bovőķvbv|;l-vorganizaciones ŐƒĺƔƕőĺ
ƒĺѵƏoѴझঞ1-
m|;m1bom;v7bu;11bॕm7;m-organizaciónŐƒĺƔƕőķ1oloѴ-v;ru;v-=oul-Ѵl;m|;valta dirección
ŐƒĺѶƓőĺ
3.61 Proceso
omfm|o7;-1ঞb7-7;vbm|;uu;Ѵ-1bom-7-vot;bm|;u-1|ি-mķt;|u-mv=oul-;Ѵ;l;m|ov7;;m|u-7-
;m;Ѵ;l;m|ov7;v-Ѵb7-ĺ
3.62 Fiabilidad
uorb;7-7u;Ѵ-ঞ--Ѵ-1omvbv|;m1b-;m;Ѵ1olrou|-lb;m|o;mѴovu;vѴ|-7ov7;v;-7ovĺ
3.63 Requisito
;1;vb7-7o;r;1|-ঞ-t;;v|࢙;v|-0Ѵ;1b7-ķ];m;u-Ѵl;m|;blrѴझ1b|-o0Ѵb]-|oub-ĺ
$ƐĹľ;m;u-Ѵl;m|;blrѴझ1b|-Ŀvb]mbC1-t;;vm-1ov|l0u;oru࢙1ঞ1-1olিm;mѴ-ou]-mb-1bॕm
;mѴ-vr-u|;vbm|;u;v-7-vķt;Ѵ-m;1;vb7-7o;r;1|-ঞ-t;v;1omvb7;u-;v|࢙blrѴझ1b|-ĺ
$ ƑĹ &m u;tbvb|o ;vr;1bC1-7o ;v ;Ѵ t; ;v|࢙ 7;1Ѵ-u-7oķ rou ;f;lrѴoķ ;m bm=oul-1bॕm
7o1l;m|-7-ĺ
3.64 Riesgo Residual

RiesgoŐƒĺѵѶőu;l-m;m|;7;vr࣐v7;Ѵtratamiento del riesgoŐƒĺƕƖőĺ
$ƐĹ Ѵub;v]ou;vb7-Ѵr;7;1om|;m;uub;v]ovmob7;mঞC1-7ovĺ
$ƑĹ Ѵub;v]ou;vb7-Ѵ|-l0b࣐mv;r;7;1omo1;u1oloľub;v]ou;|;mb7oĿĺ
70
3.65 Revisión
1ঞb7-7t;v;u;-Ѵb-r-u-7;|;ulbm-uѴ-b7om;b7-7ķѴ--7;1-1bॕmѴ-;C1-1b-ŐƒĺƑƓő7;Ѵ|;l-
;v|7b-7or-u-1omv;]buѴovo0f;ঞov;v|-0Ѵ;1b7ovĺ
3.66 Objeto en Revisión

Ѵ;l;m|o;vr;1झC1ot;;v|࢙vb;m7ou;bv-7oĺ
ƒĺѵƕ0f;ঞo7;Ѵ-!;bvbॕm
;1Ѵ-u-1bॕmt;7;v1ub0;Ѵot;v;tb;u;Ѵo]u-u1olou;vѴ|-7o7;m-u;bvbॕmĺ
3.68 Riesgo
=;1|o7;Ѵ-bm1;uঞ7l0u;vo0u;Ѵ-1omv;11bॕm7;Ѵovo0f;ঞovĺ
$ƐĹ&m;=;1|o;vm-7;vb-1bॕmķrovbঞ-ņom;]-ঞ-ķu;vr;1|o-Ѵoruobv|oĺ
$ƑĹ-bm1;uঞ7l0u;;v;Ѵ;v|-7oķbm1Ѵvor-u1b-Ѵķ7;7;C1b;m1b-;mѴ-bm=oul-1bॕmu;Ѵ-ঞ--
la 1olru;mvbॕmo-Ѵ1omo1blb;m|o7;msucesoŐƒĺƑƔőķ7;vvconsecuenciasŐƒĺƐƓőo7;v
probabilidadŐƒĺƓƔőĺ
$ƒĹom=u;1;m1b-ķ;Ѵub;v]ov;1-u-1|;ub-rouu;=;u;m1b--sucesosŐƒĺƑƔőro|;m1b-Ѵ;v-vv
consecuenciasŐƒĺƐƓőom-1ol0bm-1bॕm7;-l0ovĺ

$ ƓĹ om =u;1;m1b-ķ ;Ѵ ub;v]o v; ;ru;v- ;m |࣐ulbmov 7; 1ol0bm-1bॕm 7; Ѵ-v consecuencias
ŐƒĺƐƓő7;mv1;voŐbm1Ѵ;m7oѴov1-l0bov;mѴ-v1bu1mv|-m1b-vő7;vprobabilidadŐƒĺƓƔőĺ
$ƔĹ m;Ѵ1om|;|o7;vbv|;l-7;];vঞॕm7;Ѵ-v;]ub7-77;Ѵ-bm=oul-1bॕmķѴovub;v]ov7;v;]ub7-7
7;Ѵ-bm=oul-1bॕmv;r;7;m;ru;v-u1olo;Ѵ;=;1|o7;Ѵ-bm1;uঞ7l0u;vo0u;Ѵovo0f;ঞov7;v;]ub7-7
7;Ѵ-bm=oul-1bॕmĺ
$ѵĹ Ѵub;v]o7;v;]ub7-77;Ѵ-bm=oul-1bॕmv;u;Ѵ-1bom-1omѴ-rovb0bѴb7-77;t;Ѵ-vamenazas
ŐƒĺѶƒő ;rѴo|;m vulnerabilidades ŐƒĺѶƖő 7; m -1ঞo o ]uro 7; -1ঞov 7; bm=oul-1bॕm 1-v;m
7-ोo-m-ou]-mb-1bॕmĺ
71
3.69 Aceptación del Riesgo
;1bvbॕmbm=oul-7-;m=-ou7;|ol-umriesgoŐƒĺѵѶőr-uঞ1Ѵ-uĺ
$ƐĹ--1;r|-1bॕm7;Ѵub;v]or;7;|;m;uѴ]-uvbmt;;bv|-tratamiento del riesgoŐƒĺƕƖőo

7u-m|;;Ѵruo1;vo7;|u-|-lb;m|o7;Ѵub;v]oĺ
$ƑĹovub;v]ov-1;r|-7ovvomo0f;|o7;seguimientoŐƒĺƔƑő7;revisiónŐƒĺѵƔőĺ
3.70 Análisis del Riesgo

uo1;vot;r;ulb|;1olru;m7;uѴ-m-|u-Ѵ;-7;ѴriesgoŐƒĺѵѶő7;|;ulbm-u;Ѵnivel de riesgoŐƒĺƓƓőĺ
$ƐĹ Ѵ-m࢙Ѵbvbv7;Ѵub;v]oruorou1bom-Ѵ-v0-v;vr-u-Ѵ-evaluación del riesgoŐƒĺƕƓőr-u-|ol-u

Ѵ-v7;1bvbom;vu;Ѵ-ঞ-v-Ѵtratamiento del riesgoŐƒĺƕƖőĺ
$ƑĹ Ѵ-m࢙Ѵbvbv7;Ѵub;v]obm1Ѵ;Ѵ-;vঞl-1bॕm7;Ѵub;v]oĺ
3.71 Apreciación del Riesgo

ProcesoŐƒĺѵƐő]Ѵo0-Ѵt;1olru;m7;Ѵ-b7;mঞC1-1bॕm7;Ѵub;v]oŐƒĺƕƔőķ;Ѵanálisis del riesgoŐƒĺƕƏő
la evaluación del riesgoŐƒĺƕƓőĺ
3.72 Comunicación y Consulta del Riesgo

uo1;vovb|;u-ঞov1omঞmovt;u;-Ѵb-m-ou]-mb-1bॕmr-u-ruorou1bom-uķ1olr-uঞuo0|;m;u
bm=oul-1bॕmr-u-;v|-0Ѵ;1;u;Ѵ7b࢙Ѵo]o1omѴ-vpartes interesadasŐƒĺѶƑőķ;mu;Ѵ-1bॕm1omѴ-];vঞॕm
del riesgoŐƒĺѵѶőĺ
$ƐĹ-bm=oul-1bॕmr;7;1ouu;vrom7;u-Ѵ-;bv|;m1b-ķѴ-m-|u-Ѵ;-ķѴ-=oul-ķѴ-ruo0-0bѴb7-7ķ
Ѵ-blrou|-m1b-ķѴ-;-Ѵ-1bॕmķѴ--1;r|-0bѴb7-7;Ѵ|u-|-lb;m|o7;Ѵ-];vঞॕm7;Ѵub;v]oĺ
$ƑĹ-1omvѴ|-1omvঞ|;mruo1;vo7;1olmb1-1bॕmbm=oul-7-7;7o0Ѵ;v;mঞ7o;m|u;m-
ou]-mb-1bॕmvvr-u|;vbm|;u;v-7-vķvo0u;m-1;vঞॕm-m|;v7;|ol-um-7;1bvbॕmo7;|;ulbm-u
m-oub;m|-1bॕmvo0u;7b1_-1;vঞॕmĺ-1omvѴ|-;vĹ
վ &mruo1;vot;blr-1|-vo0u;m-7;1bvbॕm-|u-࣐v7;Ѵ-bm=Ѵ;m1b-l࢙vt;rouѴ--|oub7-7ĺ
վ &m-1om|ub01bॕmr-u-m-|ol-7;7;1bvbॕmmom-|ol-7;7;1bvbॕm1omfm|-ĺ
72
3.73 Criterios de Riesgo
$࣐ulbmov7;u;=;u;m1b-u;vr;1|o-Ѵovt;v;;-Ѵি-Ѵ-blrou|-m1b-7;m riesgoŐƒĺѵѶőĺ
$ƐĹov1ub|;ubov7;ub;v]ov;0-v-m;mѴovo0f;ঞov7;Ѵ-ou]-mb-1bॕm;m;Ѵ1om|;|o
;|;umo;bm|;umoĺ
$ƑĹov1ub|;ubov7;ub;v]ov;r;7;o0|;m;u7;moul-vķѴ;;vķroѴझঞ1-vo|uovu;tbvb|ovĺ
3.74 Evaluación del Riesgo

ProcesoŐƒĺѵƐő7;1olr-u-1bॕm7;Ѵovu;vѴ|-7ov7;Ѵ-m࢙Ѵbvbv7;ub;v]oŐƒĺƕƏő1omѴovcriterios de
riesgoŐƒĺƕƒőr-u-7;|;ulbm-uvb;ѴriesgoŐƒĺѵѶőņovl-]mb|7vom-1;r|-0Ѵ;vo|oѴ;u-0Ѵ;vĺ
NOTA:-;-Ѵ-1bॕm7;Ѵub;v]o-7--Ѵ-|ol-7;7;1bvbom;vvo0u;;Ѵtratamiento del riesgoŐƒĺƕƖőĺ
ƒĺƕƔ7;mঞC1-1bॕm7;Ѵ!b;v]o
uo1;vot;1olru;m7;Ѵ-0িvt;7-ķ;Ѵu;1omo1blb;m|oѴ-7;v1ubr1bॕm7;Ѵovriesgos ŐƒĺѵѶőĺ
$ƐĹ-b7;mঞC1-1bॕm7;Ѵub;v]oblrѴb1-Ѵ-b7;mঞC1-1bॕm7;Ѵ-v=;m|;v7;ub;v]ovķѴovv1;vovķ
vv1-v-vvv1omv;1;m1b-vro|;m1b-Ѵ;vĺ

$ ƑĹ - b7;mঞC1-1bॕm 7;Ѵ ub;v]o r;7; blrѴb1-u 7-|ov _bv|ॕub1ovķ -m࢙Ѵbvbv |;ॕub1ovķ orbmbom;v
bm=oul-7-v7;;r;u|ovķ-vझ1olom;1;vb7-7;v7;ѴѴ-vr-u|;vbm|;u;v-7-vĺ
ƒĺƕѵ;vঞॕm7;Ѵ!b;v]o
1ঞb7-7;v1oou7bm-7-vr-u-7bub]bu1om|uoѴ-um-ou]-mb-1bॕmŐƒĺƔƕő;mѴou;Ѵ-ঞo-Ѵub;v]oŐƒĺѵѶőĺ
ƒĺƕƕuo1;vo7;;vঞॕm7;Ѵ!b;v]o
rѴb1-1bॕm vbv|;l࢙ঞ1- 7; roѴझঞ1-vķ ruo1;7blb;m|ov ru࢙1ঞ1-v 7; ];vঞॕm - Ѵ-v -1ঞb7-7;v 7;
1olmb1-1bॕmķ 1omvѴ|-ķ ;v|-0Ѵ;1blb;m|o 7;Ѵ 1om|;|oķ ; b7;mঞC1-1bॕmķ -m࢙Ѵbvbvķ ;-Ѵ-1bॕm,
|u-|-lb;m|oķv;]blb;m|ou;bvbॕm7;ѴriesgoŐƒĺѵѶőĺ
$Ĺ-oul-"ņ ƑƕƏƏƔঞѴb-;Ѵ|࣐ulbmoľruo1;voĿr-u-7;v1ub0buѴ-];vঞॕmbm|;]u-Ѵ7;Ѵ
ub;v]oĺov;Ѵ;l;m|ov7;m|uo7;Ѵruo1;vo7;];vঞॕm7;Ѵub;v]ov;7;molbm-mľ-1ঞb7-7;vĿĺ
73
3.78 Dueño del Riesgo
;uvom-o;mঞ7-7t;ঞ;m;Ѵ-u;vromv-0bѴb7-7-|oub7-7r-u-];vঞom-umub;v]oŐƒĺѵѶőĺ
3.79 Tratamiento del Riesgo

uo1;voŐƒĺѵƐő7;vঞm-7o-lo7bC1-u;Ѵub;v]oŐƒĺѵѶőĺ
$ƐĹ Ѵ|u-|-lb;m|o7;Ѵub;v]or;7;blrѴb1-uĹ
վ b|-u;Ѵub;v]oķ7;1b7b;m7omobmb1b-uo1om|bm-u1omѴ--1|bb7-7t;lo|b-;Ѵub;v]oĺ
վ 1;r|-uo-l;m|-u;Ѵub;v]o1om;Ѵo0f;|o7;0v1-um-orou|mb7-7ĺ
վ Ѵblbm-uѴ-=;m|;7;ub;v]oĺ
վ -l0b-uѴ-ruo0-0bѴb7-7ĺ
վ -l0b-uѴ-v1omv;1;m1b-vĺ
վ olr-u|bu;Ѵub;v]o1omo|u-o|u-vr-u|;vŐbm1Ѵ;m7oѴov1om|u-|ovѴ-=bm-m1b-1bॕm7;Ѵub;v]oőĺ
վ -m|;m;u;Ѵub;v]o;m0-v;-m-7;1bvbॕmbm=oul-7-ĺ
$ ƑĹ ov |u-|-lb;m|ov 7;Ѵ ub;v]o t; 1om71;m - 1omv;1;m1b-v m;]-ঞ-vķ ;m o1-vbom;v v;
1b|-m1oloľlbঞ]-1bॕm7;Ѵub;v]oĿķľ;Ѵblbm-1bॕm7;Ѵub;v]oĿķľru;;m1bॕm7;Ѵub;v]oĿľu;711bॕm7;Ѵ
ub;v]oĿĺ
$ƒĹ Ѵ|u-|-lb;m|o7;Ѵub;v]or;7;oub]bm-um;ovub;v]ovolo7bC1-uѴovub;v]ov;bv|;m|;vĺ
3.80 Escala
omfm|oou7;m-7o7;-Ѵou;vķ1omঞmoo7bv1u;|oķom1omfm|o7;1-|;]ouझ-v-Ѵ-vt;v;-vb]m-
el atributoŐƒĺƓőĺ
$Ĺ Ѵ ঞro 7; ;v1-Ѵ- 7;r;m7; 7; Ѵ- m-|u-Ѵ;- 7; Ѵ- u;Ѵ-1bॕm ;m|u; Ѵov -Ѵou;v 7; Ѵ- ;v1-Ѵ-ĺ
olিml;m|;v;b7;mঞC1-m1-|uoঞrov7;;v1-Ѵ-Ĺ
1. olbm-ѴĹov-Ѵou;v7;l;7b1bॕmvom1-|;]ouझ-vĺ
2. u7bm-ѴĹov-Ѵou;v7;l;7b1bॕmvom1-|;]ouझ-vou7;m-7-vĺ
3. m|;u-ѴoĹov-Ѵou;v7;Ѵ-vl;7b1bom;vv;-fv|-m-u-m]ov7;-Ѵou;v1-m|b|-|bov7;Ѵ-|ub0|oĺ
4. uorou1bॕmĹov-Ѵou;v7;Ѵ-vl;7b1bom;vvomu;Ѵ-|bovruorou1bom-Ѵ;v-Ѵ-Ѵou7;o|uo-|ub0|oĸ
1ouu;vrom7b;m7o;Ѵ-Ѵou1;uo-Ѵ-Ѵou1;uo7;Ѵ-|ub0|oĺ
v|ovvomvoѴo;f;lrѴov7;ঞrov7;;v1-Ѵ-ĺ
74
3.81 Norma de Implementación de la Seguridad
o1l;m|ot;;vr;1bC1-Ѵ-v=oul-v-|oub-7-vr-u-v-ঞv=-1;uѴ-vm;1;vb7-7;v7;v;]ub7-7ĺ
3.82 Parte Interesada

;uvom- ou]-mb-1bॕm t; r;7; -=;1|-uķ ;v|-u -=;1|-7-ķ o r;u1b0bu t; ;v|࢙ -=;1|-7- rou m-
7;1bvbॕmo-1ঞb7-7ĺ
Œ"ņ ƕƒĹƑƏƏƖœ
3.83 Amenaza
-v-ro|;m1b-Ѵ7;mbm1b7;m|;mo7;v;-7oķ;Ѵ1-Ѵr;7;o1-vbom-u7-ोo-mvbv|;l-o-m-
ou]-mb-1bॕmĺ
3.84 Alta Dirección
;uvom-o]uro7;r;uvom-vt;7bub];m1om|uoѴ-mm-ou]-mb-1bॕmŐƒĺƔƕő-Ѵl࢙v-Ѵ|omb;Ѵĺ
$ƐĹ--Ѵ|-7bu;11bॕmঞ;m;;Ѵro7;ur-u-7;Ѵ;]-u-|oub7-7ruorou1bom-uu;1uvov7;m|uo7;
Ѵ-ou]-mb-1bॕmĺ
$ƑĹ"b;Ѵ-Ѵ1-m1;7;Ѵvbv|;l-7;];vঞॕmŐƒĺƓѵő1olru;m7;voѴom-r-u|;7;m-ou]-mb-1bॕmķ
;m|om1;vľ-Ѵ|-7bu;11bॕmĿv;u;C;u;-tb;m;v7bub];m1om|uoѴ-m;v-r-u|;7;Ѵ-ou]-mb-1bॕmĺ
ƒĺѶƔ mঞ7-77;omC-m-r-u-Ѵ-olmb1-1bॕm7;Ѵ-m=oul-1bॕm
u]-mb-1bॕmbm7;r;m7b;m|;t;vv|;m|-;Ѵbm|;u1-l0bo7;bm=oul-1bॕm7;m|uo7;m1oѴ;1ঞot;
1olr-u|;bm=oul-1bॕmĺ

3.86 Unidad de Medida
-mঞ7-71om1u;|-ķ7;Cmb7--7or|-7-rou1om;mboķ1omѴ-1-Ѵv;1olr-u-mo|u-v1-mঞ7-7;v7;
Ѵ-lbvl-m-|u-Ѵ;--Cm7;;ru;v-uvl-]mb|7;mu;Ѵ-1bॕm-7b1_-1-mঞ7-7ĺ
3.87 Validación
omCul-1bॕml;7b-m|;Ѵ--rou|-1bॕm7;;b7;m1b-o0f;ঞ-7;t;v;_-m1lrѴb7oѴovu;tbvb|ov
r-u-m-ঞѴb-1bॕmo-rѴb1-1bॕm;vr;1झC1-ru;bv|-ĺ
Œ"ņ ƖƏƏƏĹƑƏƏƔœ
75
ƒĺѶѶ(;ubC1-1bॕm
omCul-1bॕml;7b-m|;Ѵ--rou|-1bॕm7;;b7;m1b-o0f;ঞ-7;t;v;_-m1lrѴb7oѴovu;tbvb|ov
;vr;1bC1-7ovĺ
Œ"ņ ƖƏƏƏĹƑƏƏƔœ
$Ĺ$-l0b࣐mro7uझ-ѴѴ-l-uv;ru;0-7;1om=oulb7-7ĺ
3.89 Vulnerabilidad
;0bѴb7-77;m-1ঞoo7;mcontrolŐƒĺƐѵőt;r;7;v;u;rѴo|-7-roum-ol࢙vamenazas
ŐƒĺѶƒőĺ
3.90 Información
-Ѵtb;u=oul-7;u;]bv|uo;Ѵ;1|uॕmb1oķ ॕrঞ1oķl-]m࣐ঞ1oo;mo|uovl;7bovķvv1;rঞ0Ѵ;7;v;u
ruo1;v-7-ķ7bv|ub0b7--Ѵl-1;m-7-ĺ
ƒĺƖƐ1ঞo
Ѵ]o7;-Ѵour-u-Ѵ-ou]-mb-1bॕmķ-v;-|-m]b0Ѵ;obm|-m]b0Ѵ;ķt;;vm;1;v-uboruo|;];uķbm1Ѵ;m7o
r;uvom-Ѵķ_-u7-u;ķvo[-u;ķv;ub1bovķbm=u-;v|u1|u-ķ7o1l;m|ovķ7-|ov;m|u;o|uovĺ
76
Modulo de Auditoría ISO 19011
77
ISO 19011:2018
v|-moul-ruorou1bom-m-]झ-r-u-|o7ovѴov
|-l-ोov ঞrov 7; ou]-mb-1bom;v -7b|ouझ-v
7; 7b=;u;m|;v -Ѵ1-m1;v ;v1-Ѵ-vķ bm1Ѵb7-v -t;ѴѴ-v
u;-Ѵb-7-v rou ]u-m7;v ;tbrov 7; -7b|ouझ-ķ
];m;u-Ѵl;m|;7;ou]-mb-1bom;vl࢙v]u-m7;vķ
-t;ѴѴ-vu;-Ѵb-7-vrou-7b|ou;vbm7bb7-Ѵ;vķ-
v;-;mou]-mb-1bom;v]u-m7;vor;t;ो-vĺ v|-
oub;m|-1bॕm7;0;uझ--7-r|-uv;v;]িm1ouu;vrom7- al
-Ѵ1-m1;ķѴ-1olrѴ;fb7-7Ѵ-;v1-Ѵ-7;Ѵruo]u-l-
7;-7b|ouझ-ĺ
Estructura de la ISO 19011:2018

u;=-1boĺ
m|uo711bॕmĺ
1. Ѵ1-m1;ĺ
2. !;=;u;m1b-vmoul-|b-vĺ
3. $࣐ulbmov7;=bmb1bom;vĺ
4. ubm1brbov7;-7b|ouझ-ĺ
5. 7lbmbv|u-u7;mruo]u-l-7;-7b|ouझ-ĺ
6. !;-Ѵb-1bॕm7;m--7b|ouझ-ĺ
7. olr;|;m1b-;-Ѵ-1bॕm7;Ѵov-7b|ou;vĺ
m;oĺ
b0Ѵbo]u-ࣱ-ĺ
78
Alcance ISO 19011:2018
v|; 7o1l;m|o ruorou1bom- oub;m|-1bॕm vo0u; -7b|ouझ- - vbv|;l-v 7; ];vঞॕmķ bm1Ѵb7ov Ѵov
rubm1brbov 7; -7b|ouझ-ķ Ѵ- ];vঞॕm 7; m ruo]u-l- 7; -7b|ouझ- Ѵ- u;-Ѵb-1bॕm 7; -7b|ouझ-v 7;Ѵ
vbv|;l- 7; ];vঞॕmķ -vझ 1olo oub;m|-1bॕm vo0u; Ѵ- ;-Ѵ-1bॕm 7; Ѵ- 1olr;|;m1b- 7; Ѵ-v r;uvom-v
bmoѴ1u-7-v;m;Ѵruo1;vo7;-7b|ouझ-ĺ
v|-v-1ঞb7-7;vbm1Ѵ;mѴ-vr;uvom-vt;-7lbmbv|u-m;Ѵruo]u-l-7;-7b|ouझ-ķѴov-7b|ou;vѴov
;tbrov7;-7b|ouझ-ĺ
v-rѴb1-0Ѵ;-|o7-vѴ-vou]-mb-1bom;vt;m;1;vb|-mrѴ-mbC1-uѴѴ;-u1-0o-7b|ouझ-vbm|;um-vo
;|;um-v7;Ѵovvbv|;l-v7;];vঞॕmo-7lbmbv|u-umruo]u-l-7;-7b|ouझ-ĺ
--rѴb1-1bॕm7;;v|;7o1l;m|o-o|uovঞrov7;-7b|ouझ-v;vrovb0Ѵ;ķvb;lru;t;v;o|ou];m-
1omvb7;u-1bॕm;vr;1b-Ѵ-Ѵ-1olr;|;m1b-;vr;1झC1-m;1;v-ub-ĺ
Auditoría
uo1;vo vbv|;l࢙ঞ1oķ bm7;r;m7b;m|; 7o1l;m|-7o r-u- o0|;m;u ;b7;m1b- o0f;ঞ- ;-Ѵ-uѴ-
o0f;ঞ-l;m|;r-u-7;|;ulbm-u;mt࣐l;7b7-v;1lrѴ;mѴov1ub|;ubov7;-7b|ouझ-ĺ
Nota 1:Ѵ-v-7b|ouझ-vbm|;um-vķ-;1;vѴѴ-l-7-v-7b|ouझ-v7;rubl;u-r-u|;ķvomu;-Ѵb-7-vrouķo;m
mol0u;7;ķѴ-ou]-mb-1bॕmlbvl-ĺ
Nota 2:-v-7b|ouझ-v;|;um-vbm1Ѵ;m-t;ѴѴ-v];m;u-Ѵl;m|;ѴѴ-l-7-v-7b|ouझ-v7;v;]m7-
|;u1;u-r-u|;ĺ-v-7b|ouझ-v7;v;]m7-r-u|;v;ѴѴ;-m-1-0orouѴ-vr-u|;vt;ঞ;m;mmbm|;u࣐v
;mѴ-ou]-mb-1bॕmķ1oloѴov1Ѵb;m|;vķorouo|u-vr;uvom-v;mvmol0u;ĺ-v-7b|ouझ-v7;|;u1;u-

r-u|; vom ѴѴ;-7-v - 1-0o rou ou]-mb-1bom;v 7; -7b|ouझ- bm7;r;m7b;m|;vķ 1olo -t;ѴѴ-v t;
ruorou1bom-m1;uঞC1-1bॕmņu;]bv|uo7;1om=oulb7-7o-];m1b-v]0;um-l;m|-Ѵ;vĺ
Tipos de Auditoría
79
ĺ Auditorías internas :-;1;vѴѴ-l-7-v-7b|ouझ-v7;rubl;u-r-u|;ķvomu;-Ѵb-7-vrouķo;mmol0u;
7;ķѴ-ou]-mb-1bॕmlbvl-ĺ
ĺ Auditorías externasbm1Ѵ;m-t;ѴѴ-v];m;u-Ѵl;m|;ѴѴ-l-7-v-7b|ouझ-v7;v;]m7-|;u1;u-r-u|;ĺ
Ɛĺ Auditorías de segunda partev;ѴѴ;-m-1-0orouѴ-vr-u|;vt;ঞ;m;mmbm|;u࣐v;mѴ-ou]-mb-1bॕmķ

1oloѴov1Ѵb;m|;vķorouo|u-vr;uvom-v;mvmol0u;ĺ
ƑĺAuditorías de tercera partevomѴѴ;-7-v-1-0orouou]-mb-1bom;v7;-7b|ouझ-bm7;r;m7b;m|;vķ

1olo-t;ѴѴ-vt;ruorou1bom-m1;uঞC1-1bॕmņu;]bv|uo7;1om=oulb7-7o-];m1b-v]0;um-l;m|-Ѵ;vĺ
Criterios de Auditoría
omfm|o7;u;tbvb|ovঞѴb-7ov1olou;=;u;m1b-1omu;vr;1|o-Ѵov1-Ѵ;vv;1olr-u-Ѵ-;b7;m1b-
o0f;ঞ-ĺ
Nota 1: "bѴov1ub|;ubov7;-7b|ouझ-vomѴ;]-Ѵ;vŐbm1Ѵb7ovѴovu;tbvb|ovѴ;]-Ѵ;vou;]Ѵ-l;m|-ubovőķѴ-v
r-Ѵ-0u-vľ1lrѴblb;m|oĿoľbm1lrѴblb;m|oĿ-l;m7ov;ঞѴb-m;mm-1om1Ѵvbॕm7;-7b|ouझ-
Nota 2Ĺovu;tbvb|ovr;7;mbm1ѴburoѴझঞ1-vķruo1;7blb;m|ovķbmv|u11bom;v7;|u-0-foķu;tbvb|ov
Ѵ;]-Ѵ;vķo0Ѵb]-1bom;v1om|u-1|-Ѵ;vķ;|1ĺĺ
Evidencia de la Auditoría
-;b7;m1b-o0f;ঞ-vomѴov7-|ovt; respaldan
Ѵ-;bv|;m1b-oѴ-;u7-77;-Ѵ]oĺ
Nota 1: -;b7;m1b-o0f;ঞ-v;r;7;o0|;m;u
-|u-࣐v7;o0v;u-1bॕmķl;7b1bॕmķru;0-orou
o|uovl;7bovĺ
Nota 2:-;b7;m1b-o0f;ঞ-r-u-;Ѵruorॕvb|o
7;Ѵ--7b|ouझ-];m;u-Ѵl;m|;1omvbv|;;mu;]bv|uovķ
7;1Ѵ-u-1bom;v7;_;1_ovo|u-bm=oul-1bॕmt;
vomu;Ѵ;-m|;vr-u-Ѵov1ub|;ubov7;-7b|ouझ-
;ubC1-0Ѵ;vĺ
80
Resultados de la Auditoría
ovu;vѴ|-7ov7;Ѵ-;-Ѵ-1bॕm7;Ѵ-;b7;m1b-7;-7b|ouझ-u;1orbѴ-7-1om|u-Ѵov1ub|;ubov7;-7b|ouझ-ĺ
Nota 1: ov_-ѴѴ-]ov7;Ѵ--7b|ouझ-bm7b1-m1om=oulb7-7omo1om=oulb7-7ĺ
Nota 2:ov_-ѴѴ-]ov7;Ѵ--7b|ouझ-r;7;m1om71bu-Ѵ-b7;mঞC1-1bॕm7;ub;v]ovķorou|mb7-7;v
7;l;fou-ou;]bv|uo7;0;m-vru࢙1ঞ1-vĺ
Nota 3Ĺ ;m bm]Ѵ࣐vķvbѴov 1ub|;ubov7; -7b|ouझ-v; v;Ѵ;11bom-m7; ;m|u;Ѵov u;tbvb|ovѴ;]-Ѵ;voѴov

u;tbvb|ovu;]Ѵ-l;m|-ubovķ;Ѵ_-ѴѴ-]o7;Ѵ--7b|ouझ-v;7;molbm-1lrѴblb;m|oobm1lrѴblb;m|oĺ
վ -ѴѴ-]o7;1lrѴblb;m|oĺ
վ !;tbvb|ovŐmoul-ķѴ;]-Ѵķu;]Ѵ-l;m|-uboķ1om|u-1|-Ѵőĺ
վ Ѵ;Ѵ;l;m|ov;-fv|--Ѵ-;b];m1b-ĺ
վ -blrѴ-m|-1bॕm1ouu;vrom7;-Ѵ-bm|;m1bॕmĺ
վ -blrѴ-m|-1bॕm;v;=b1-ĺ
;fou;vru࢙1ঞ1-vĹ
վ (;ub=b1-uѴov_;1_ov;u0-Ѵ;vĺ
վ ;=bmbuѴ-m-|u-Ѵ;-7;Ѵ-mo1om=oulb7-71om;Ѵ-7b|-7oķ7;|-ѴѴ-m7oѴ-;b7;m1b-7;-7b|ouझ-ĺ
վ $ol-umo|-v1omvѴ|-uѴ-vrov|;uboul;m|;r-u-u;-Ѵb-u;Ѵu;rou|;ĺ
վ -1;um0ovt;fo7;Ѵu;rou|;7;_-ѴѴ-]ov7u-m|;Ѵ-|ol-7;bm=oul-1bॕmĺ
վ Ѵ=bm-Ѵb-u1-7-foum-7-|;ulbm-u;mѴ-u;bvbॕmrub-7-ĺ

Conclusiones de la Auditoría
!;vѴ|-7o7;m--7b|ouझ-7;vr࣐v7;considerar
Ѵovo0f;ঞov7;-7b|ouझ-|o7ovѴovu;vѴ|-7ov
Ő_-ѴѴ-]ovő7;-7b|ouझ-ĺ
81
Cliente de la Auditoría
u]-mb-1bॕmor;uvom-t;voѴb1b|-m--7b|ouझ-ĺ
Nota 1:;m;Ѵ1-vo7;Ѵ--7b|ouझ-bm|;um-ķ;Ѵ1Ѵb;m|;7;-7b|ouझ-|-l0b࣐mr;7;v;u;Ѵ-7b|-7oo
Ѵ-r;uvom-Ővőt;-7lbmbv|u-;Ѵruo]u-l-7;-7b|ouझ-ĺ-vvoѴb1b|7;v7;-7b|ouझ-;|;um-r;7;m
ruo;mbu7;=;m|;v|-Ѵ;v1olou;]Ѵ-7ou;vķr-u|;v1om|u-|-m|;vo1Ѵb;m|;vro|;m1b-Ѵ;vo;bv|;m|;vĺ
Auditado
u]-mb-1bॕm;mv|o|-Ѵb7-7or-u|;v7;;ѴѴ-vb;m7o-7b|-7-ĺ
Auditor
;uvom-t;u;-Ѵb-m--7b|ouझ-ĺ
82
Equipo Auditor
&m-ol࢙vr;uvom-vt;u;-Ѵb-mm--7b|ouझ-ķ-ro-7-vvb;vm;1;v-uborou;r;u|ov|࣐1mb1ov
o|-ƐĹ&m-7b|ou7;Ѵ;tbro7;-7b|ouझ-;v7;vb]m-7o1olo;ѴѴझ7;u7;Ѵ;tbro7;-7b|ouझ-ĺ
o|-ƑĹ Ѵ;tbro7;-7b|ouझ-r;7;bm1Ѵbu-7b|ou;v;m1-r-1b|-1bॕmĺ
Experto Técnico
;uvom-t;ruorou1bom-1omo1blb;m|ovo;r;ub;m1b-;vr;1झC1ov-Ѵ;tbro7;-7b|ouझ-ĺ

o|-ƐĹ;Ѵ1omo1blb;m|o;vr;1झC1oo;r;ub;m1b-v;u;Ѵ-1bom-1omѴ-ou]-mb-1bॕmķѴ--1ঞb7-7ķ;Ѵ
ruo1;voķ;Ѵruo71|oķ;Ѵv;ub1boķѴ-7bv1brѴbm-t;v;-7b|-u࢙ķ;Ѵb7bol-oѴ-1Ѵ|u-ĺ
o|-ƑĹ&m;r;u|o|࣐1mb1o7;Ѵ;tbro7;-7b|ouझ-mo-1|ি-1olo-7b|ouĺ
Observador
m7bb7ot;-1olr-ो--Ѵ;tbro7;-7b|ouझ-r;uot;mo-1|ি-1olo-7b|ouĺ
83
Guía Programa de Auditoría
;uvom-7;vb]m-7-rou;Ѵ-7b|-7or-u--vbvঞu-Ѵ omfm|o 7; m- o l࢙v -7b|ouझ-v rѴ-mbC1-7-v

;tbro-7b|ouĺ r-u-mr;ubo7o7;ঞ;lro7;|;ulbm-7o7bub]b7-v
_-1b-mruorॕvb|o;vr;1झC1oĺ
Alcance de la Auditoría
Ѵ1-m1;7;-7b|ouझ-v;u;C;u;-Ѵ-Ѵ1-m1;Ѵझlb|;v7;m--7b|ouझ-ĺ
Ѵ-Ѵ1-m1;7;Ѵ--7b|ouझ-];m;u-Ѵl;m|;bm1Ѵ;m-7;v1ubr1bॕm7;Ѵ-v0b1-1bom;vࣱvb1-vbu|-Ѵ;vķ
=m1bom;vķmb7-7;vou]-mb-ঞ-vķ-1ঞb7-7;vruo1;vovķ-vझ1olo;Ѵr;uझo7o7;ঞ;lro10b;u|oĺ
&m-0b1-1bॕmbu|-Ѵ;v1-m7om-ou]-mb-1bॕmu;-Ѵb-m|u-0-fooruorou1bom-mv;ub1bov-m7o
m;m|oumo;mѴझm;-t;r;ulb|;-Ѵ-vr;uvom-vķbm7;r;m7b;m|;l;m|;7;Ѵ-v0b1-1bom;vࣱvb1-vķ;f;1|-u
ruo1;vovĺ
84
Plan de Auditoría
;v1ubr1bॕm7;Ѵ-v-1ঞb7-7;vѴov-uu;]Ѵovr-u-m--7b|ouझ-ĺ
Conformidad No Conformidad
lrѴblb;m|o7;mu;tbvb|oĺ m1lrѴblb;m|o7;mu;tbvb|oĺ

Pruebas de Auditoría
!;]bv|uovķ 7;1Ѵ-u-1bom;v 7; _;1_ov o|u- bm=oul-1bॕmķ t; v;-m u;Ѵ;-m|;v r-u- Ѵov 1ub|;ubov 7;
-7b|ouझ-;ubC1-0Ѵ;vĺ
85
86
Métodos de Auditoría
Cláusula 4: Principios de Auditoría
1.m|;]ub7-7ĹѴ-0-v;7;Ѵruo=;vbom-Ѵbvloĺ
2.u;v;m|-1bॕmfv|-ĹѴ-o0Ѵb]-1bॕm7;bm=oul-u;u-;-1|-l;m|;ĺ
3. ;0b7o1b7-7oruo=;vbom-ѴĹѴ--rѴb1-1bॕm7;Ѵ-7bѴb];m1b-;Ѵfb1bo;mѴ--7b|ouझ-ĺ
4.om=b7;m1b-Ѵb7-7Ĺv;]ub7-77;Ѵ-bm=oul-1bॕmĺ
5.m7;r;m7;m1b-ĹѴ-0-v;r-u-Ѵ-blr-u1b-Ѵb7-77;Ѵ--7b|ouझ-Ѵ-o0f;|bb7-77;Ѵ-v1om1Ѵvbom;v7;
Ѵ--7b|ouझ-ĺ
6. m=ot;0-v-7o;mѴ-;b7;m1b-Ĺ;Ѵl࣐|o7ou-1bom-Ѵr-u-ѴѴ;]-u-1om1Ѵvbom;v7;-7b|ouझ-=b-0Ѵ;v
u;ruo71b0Ѵ;v;mmruo1;vo7;-7b|ouझ-vbv|;l࢙|b1oĺ
7. m=ot;0-v-7o;m;Ѵub;v]oĹm;m=ot;7;-7b|ouझ-t;1omvb7;u-ub;v]ovorou|mb7-7;vĺ
Integridad: la base del profesionalismo.
ov-7b|ou;vѴ-Ővőr;uvom-Ővőt;-7lbmbv|u-mmruo]u-l-7;-7b|ouझ-7;0;uझ-mĹ
ĺ !;-Ѵb-uv|u-0-fo7;=oul-࣐|b1-ķ1om_om;v|b7-7u;vromv-0bѴb7-7ĺ
ĺ "oѴou;-Ѵb-u-1|bb7-7;v7;-7b|ouझ-vb;v1olr;|;m|;r-u-_-1;uѴoĺ
ĺ !;-Ѵb-uv|u-0-fo7;l-m;u-blr-u1b-Ѵķ;v7;1buķv;]buvb;m7ofv|o;blr-u1b-Ѵ;m|o7ovvv|u-|ovĺ
ĺ ";u v;mvb0Ѵ; - 1-Ѵtb;u bm=Ѵ;m1b- t; r;7- ;f;u1;u vo0u; v fb1bo lb;m|u-v ѴѴ;- - 1-0o m-
-7b|ouझ-ĺ
Presentación justa: la obligación de informar veraz y exactamente.

ov _-ѴѴ-]ov 7; Ѵ- -7b|ouझ-ķ Ѵ-v 1om1Ѵvbom;v 7; -7b|ouझ- Ѵov bm=oul;v 7; -7b|ouझ- 7;0;uझ-m
u;Y;f-u7;l-m;u-;u-ru;1bv-Ѵ-v-1ঞb7-7;v7;-7b|ouझ-ĺ";7;0;uझ-mbm=oul-uѴovo0v|࢙1Ѵov
vb]mbC1-ঞov ;m1om|u-7ov 7u-m|; Ѵ- -7b|ouझ- Ѵ-v orbmbom;v 7b;u];m|;v mo u;v;Ѵ|-v ;m|u; ;Ѵ
;tbro7;-7b|ouझ-;Ѵ-7b|-7oĺ-1olmb1-1bॕm7;0;uझ-v;u;u-ķru;1bv-ķo0f;ঞ-ķorou|m-ķ
1Ѵ-u-1olrѴ;|-ĺ
Debido cuidado profesional: la aplicación de la diligencia y el juicio en la auditoría
ov-7b|ou;v7;0;uझ-m|;m;u;Ѵ7;0b7o1b7-7o7;-1;u7o1omѴ-blrou|-m1b-7;Ѵ-|-u;-t;u;-Ѵb-m
Ѵ-1omC-m-7;rovb|-7-;m;ѴѴovrou;Ѵ1Ѵb;m|;7;-7b|ouझ-o|u-vr-u|;vbm|;u;v-7-vĺ&m=-1|ou
blrou|-m|;r-u-ѴѴ;-u-1-0ov|u-0-fo1omѴ-7;0b7--|;m1bॕmruo=;vbom-Ѵ;v|;m;uѴ-1-r-1b7-77;
;lbঞufb1bovu-om-7ov;m|o7-vѴ-vvb|-1bom;v7;-7b|ouझ-ĺ
87
omC7;m1b-Ѵb7-7Ĺv;]ub7-77;Ѵ-bm=oul-1bॕmĺ
ov-7b|ou;v7;0;uझ-m;f;u1;u7bv1u;1bॕm;m;ѴvoѴ-ruo|;11bॕm7;Ѵ-bm=oul-1bॕm-7tbub7-
en ;Ѵ7;v;lr;ोo7;vv=m1bom;vĺ-bm=oul-1bॕm7;-7b|ouझ-mo7;0;uझ-v;uঞѴb-7-7; manera
bm-ruorb-7- r-u- 0;m;C1bo r;uvom-Ѵ rou ;Ѵ -7b|ou o ;Ѵ 1Ѵb;m|; 7; -7b|ouझ-ķ o 7; m- l-m;u-
r;uf7b1b-Ѵr-u-Ѵovbm|;u;v;vѴ;]झঞlov7;Ѵ-7b|-7oĺ v|;1om1;r|obm1Ѵ;;Ѵl-m;fo-7;1-7o7;
bm=oul-1bॕmv;mvb0Ѵ;o1omC7;m1b-Ѵĺ
m7;r;m7;m1b-ĹѴ-0-v;r-u-Ѵ-blr-u1b-Ѵb7-77;Ѵ--7b|ouझ-Ѵ-o0f;ঞb7-77;Ѵ-v1om1Ѵvbom;v7;Ѵ-
auditoría.
ov-7b|ou;v7;0;uझ-mv;ubm7;r;m7b;m|;v7;Ѵ--1ঞb7-7-7b|-7-vb;lru;t;v;-rovb0Ѵ;ķ;m
|o7ovѴov1-vovķ7;0;uझ-m-1|-u7;=oul-|-Ѵt;mo;v|࣐mvf;|ov-ru;fb1bovmb-1omYb1|ov7;
bm|;u;v;vĺ-u-Ѵ-v-7b|ouझ-vbm|;um-vķѴov-7b|ou;v7;0;uझ-mv;ubm7;r;m7b;m|;v7;Ѵ-=m1bॕmt;
v; ;v|࢙ -7b|-m7oķ vb ;v rovb0Ѵ;ĺ ov -7b|ou;v 7;0;uझ-m l-m|;m;u Ѵ- o0f;ঞb7-7 7u-m|; |o7o ;Ѵ
ruo1;vo7;-7b|ouझ-r-u-]-u-mঞ-ut;Ѵov_-ѴѴ-]ov1om1Ѵvbom;v7;Ѵ--7b|ouझ-v;0-v;mvoѴo
;mѴ-;b7;m1b-7;-7b|ouझ-ĺ
-u-Ѵ-vou]-mb-1bom;vr;t;ो-vķr;7;t;Ѵov-7b|ou;vbm|;umovmov;-m|o|-Ѵl;m|; independientes
7;Ѵ--1ঞb7-7t;v;-7b|-ķr;uov;7;0;uझ-m_-1;u|o7ovѴov;v=;uovr-u-;Ѵblbm-u;Ѵv;v]o
-Ѵ;m|-uѴ-o0f;ঞb7-7ĺ
m=ot;0-v-7o;mѴ-;b7;m1b-Ĺ;Ѵl࣐|o7ou-1bom-Ѵr-u-ѴѴ;]-u-1om1Ѵvbom;v7;-7b|ouझ-C-0Ѵ;v
u;ruo71b0Ѵ;v;mmruo1;vo7;-7b|ouझ-vbv|;l࢙ঞ1oĺ
- ;b7;m1b- 7; -7b|ouझ- 7;0;uझ- v;u;ubC1-0Ѵ;ĺ m ];m;u-Ѵķ 7;0;uझ- 0-v-uv; ;m l;v|u-v 7; Ѵ-
bm=oul-1bॕm7bvromb0Ѵ;ķ-t;m--7b|ouझ-v;ѴѴ;--1-0o7u-m|;mঞ;lroCmb|o1omu;1uvov
Ѵblb|-7ovĺ";7;0;uझ--rѴb1-umvo-ruorb-7o7;Ѵl;v|u;oķ-t;;v|࢙;v|u;1_-l;m|;u;Ѵ-1bom-7o
1omѴ-1omC-m-t;v;r;7;7;rovb|-u;mѴ-v1om1Ѵvbom;v7;Ѵ--7b|ouझ-ĺ
Enfoque basado en el riesgo: un enfoque de auditoría que considera riesgos y oportunidades
Ѵ;m=ot;0-v-7o;m;Ѵub;v]o7;0;uझ-bmYbuvv|-m1b-Ѵl;m|;;mѴ-rѴ-mbC1-1bॕmķ1om711bॕm
ru;v;m|-1bॕm7;bm=oul;v7;Ѵ-v-7b|ouझ-vr-u-]-u-mঞ-ut;Ѵ-v-7b|ouझ-vv;1;m|u;m;m-vm|ov
t;vomblrou|-m|;vr-u-;Ѵ1Ѵb;m|;7;-7b|ouझ-r-u-Ѵo]u-uѴovo0f;ঞov7;Ѵruo]u-l-7;-7b|ouझ-ĺ
88
Cláusula 5: Programa de Auditoría
$ƐĹ v|-C]u-bѴv|u-Ѵ--rѴb1-1bॕmѴ-m;-uŋ-1;uŋ(;ubC1-uŋ1|-uķ;m;v|;7o1l;m|oĺ
$ƑĹ-ml;u-1bॕm7;1Ѵ࢙vѴ-vņv01Ѵ࢙vѴ-vv;u;C;u;-Ѵ-v1Ѵ࢙vѴ-vņv01Ѵ࢙vѴ-vu;Ѵ;-m|;v
7;;v|;7o1l;m|oĺ
b]u-ƐĹ Ѵfo7;ruo1;vor-u-Ѵ-];vঞॕm7;mruo]u-l-7;-7b|ouझ-ĺ
89
Cláusula 7: Atributos Personales
Cláusula 6: Actividades de la Auditoría

v|-1Ѵ࢙vѴ-ruorou1bom-oub;m|-1bॕmvo0u;Ѵ-rѴ-mb=b1-1bॕmѴ-=oul-7;ѴѴ;-u-1-0oѴ-v-1|bb7-7;v
7;-7b|ouझ-1olor-u|;7;mruo]u-l-7;-7b|ouझ-ĺ
90

Iso 27001 PRT4

Cargado por

Información del documento

Título original

Derechos de autor

Formatos disponibles

Compartir este documento

Compartir o incrustar documentos

Opciones para compartir

¿Le pareció útil este documento?

¿Este contenido es inapropiado?

Copyright:

Formatos disponibles

Iso 27001 PRT4

Cargado por

Copyright:

Formatos disponibles

3.

ISO 27001 INTERNAL AUDITOR / LEAD AUDITOR (I27001IA/LA)

3.6 Alcance de la Auditoría

3.10 Medida Básica

ISO 27001 INTERNAL AUDITOR / LEAD AUDITOR (I27001IA/LA)

$Ĺ v|-7;Cmb1bॕmvoѴov;-rѴb1-;m;Ѵ1om|;|o7;Ѵ-oul-"ņ ƑƕƏƏƓĹƑƏƏƖĺ

3.21 Criterios de Decisión

3.22 Medida Derivada

ƒĺƑѵ bu;11bॕm f;1ঞ-

3.27 Contexto Externo

3.28 Gobernanza de la Seguridad de la Información

3.29 Órgano de Gobierno

3.31 Necesidades de Información

ISO 27001 INTERNAL AUDITOR / LEAD AUDITOR (I27001IA/LA)

3.33 Seguridad de la Información

3.35 Evento o Suceso de Seguridad de la Información

3.36 Incidente de Seguridad de la Información

3.39 Sistema de Información

3.41 Parte Interesada

3.42 Contexto Interno

3.43 Proyecto del SGSI

3.44 Nivel de Riesgo

3.45 Probabilidad (likehood)

ISO 27001 INTERNAL AUDITOR / LEAD AUDITOR (I27001IA/LA)

$Ĺ m;Ѵ1om|;|o7;seguridad de la informaciónŐƒĺƒƒőķ;Ѵruo1;vor-u-7;|;ulbm-um-Ѵou

3.49 Función de Medición

3.50 Método de Medición

3.51 Resultados de las Mediciones

ISO 27001 INTERNAL AUDITOR / LEAD AUDITOR (I27001IA/LA)

3.64 Riesgo Residual

3.66 Objeto en Revisión

ISO 27001 INTERNAL AUDITOR / LEAD AUDITOR (I27001IA/LA)

$ƐĹ--1;r|-1bॕm7;Ѵub;v]or;7;|;m;uѴ]-uvbmt;;bv|-tratamiento del riesgoŐƒĺƕƖőo

3.70 Análisis del Riesgo

$ƐĹ Ѵ-m࢙Ѵbvbv7;Ѵub;v]oruorou1bom-Ѵ-v0-v;vr-u-Ѵ-evaluación del riesgoŐƒĺƕƓőr-u-|ol-u

3.71 Apreciación del Riesgo

3.72 Comunicación y Consulta del Riesgo

3.74 Evaluación del Riesgo

NOTA:-;-Ѵ-1bॕm7;Ѵub;v]o-7--Ѵ-|ol-7;7;1bvbom;vvo0u;;Ѵtratamiento del riesgoŐƒĺƕƖőĺ

ISO 27001 INTERNAL AUDITOR / LEAD AUDITOR (I27001IA/LA)

3.79 Tratamiento del Riesgo

3.82 Parte Interesada

ISO 27001 INTERNAL AUDITOR / LEAD AUDITOR (I27001IA/LA)

Estructura de la ISO 19011:2018

ISO 27001 INTERNAL AUDITOR / LEAD AUDITOR (I27001IA/LA)

Ɛĺ Auditorías de segunda partev;ѴѴ;-m-1-0orouѴ-vr-u|;vt;ঞ;m;mmbm|;u࣐v;mѴ-ou]-mb-1bॕmķ

ƑĺAuditorías de tercera partevomѴѴ;-7-v-1-0orouou]-mb-1bom;v7;-7b|ouझ-bm7;r;m7b;m|;vķ

Nota 3Ĺ ;m bm]Ѵ࣐vķvbѴov 1ub|;ubov7; -7b|ouझ-v; v;Ѵ;11bom-m7; ;m|u;Ѵov u;tbvb|ovѴ;]-Ѵ;voѴov

ISO 27001 INTERNAL AUDITOR / LEAD AUDITOR (I27001IA/LA)

ISO 27001 INTERNAL AUDITOR / LEAD AUDITOR (I27001IA/LA)

;uvom-7;vb]m-7-rou;Ѵ-7b|-7or-u--vbvঞu-Ѵ omfm|o 7; m- o l࢙v -7b|ouझ-v rѴ-mbC1-7-v

ISO 27001 INTERNAL AUDITOR / LEAD AUDITOR (I27001IA/LA)

Integridad: la base del profesionalismo.

Presentación justa: la obligación de informar veraz y exactamente.

ISO 27001 INTERNAL AUDITOR / LEAD AUDITOR (I27001IA/LA)

Debido cuidado profesional: la aplicación de la diligencia y el juicio en la auditoría

Enfoque basado en el riesgo: un enfoque de auditoría que considera riesgos y oportunidades

ISO 27001 INTERNAL AUDITOR / LEAD AUDITOR (I27001IA/LA)

Cláusula 6: Actividades de la Auditoría

También podría gustarte

$Ĺ v|-7;Cmb1bॕmvoѴov;-rѴb1-;m;Ѵ1om|;|o7;Ѵ-oul-"ņ ƑƕƏƏƓĹƑƏƏƖĺ

ƒĺƑѵ bu;11bॕm f;1ঞ-

$Ĺ m;Ѵ1om|;|o7;seguridad de la informaciónŐƒĺƒƒőķ;Ѵruo1;vor-u-7;|;ulbm-um-Ѵou

$ƐĹ--1;r|-1bॕm7;Ѵub;v]or;7;|;m;uѴ]-uvbmt;;bv|-tratamiento del riesgoŐƒĺƕƖőo

$ƐĹ Ѵ-m࢙Ѵbvbv7;Ѵub;v]oruorou1bom-Ѵ-v0-v;vr-u-Ѵ-evaluación del riesgoŐƒĺƕƓőr-u-|ol-u

NOTA:-;-Ѵ-1bॕm7;Ѵub;v]o-7--Ѵ-|ol-7;7;1bvbom;vvo0u;;Ѵtratamiento del riesgoŐƒĺƕƖőĺ

Ɛĺ Auditorías de segunda partev;ѴѴ;-m-1-0orouѴ-vr-u|;vt;ঞ;m;mmbm|;u࣐v;mѴ-ou]-mb-1bॕmķ

ƑĺAuditorías de tercera partevomѴѴ;-7-v-1-0orouou]-mb-1bom;v7;-7b|ouझ-bm7;r;m7b;m|;vķ

Nota 3Ĺ ;m bm]Ѵ࣐vķvbѴov 1ub|;ubov7; -7b|ouझ-v; v;Ѵ;11bom-m7; ;m|u;Ѵov u;tbvb|ovѴ;]-Ѵ;voѴov

;uvom-7;vb]m-7-rou;Ѵ-7b|-7or-u--vbvঞu-Ѵ omfm|o 7; m- o l࢙v -7b|ouझ-v rѴ-mbC1-7-v