Information Security
ISO 27001 INTERNAL AUDITOR / LEAD AUDITOR (I27001IA/LA)
7. Support
7.1 Resources
The organization shall determine and provide the resources needed for the establishment, implementation, maintenance and continual improvement of the information security management system.
7.2 Competence
The organization shall:
- Determine the necessary competence of the persons doing work under its control that affects its information security performance.
- Ensure that these persons are competent on the basis of appropriate education, training or experience.
- Where applicable, take actions to acquire the necessary competence and evaluate the effectiveness of the actions taken.
- Retain appropriate documented information as evidence of competence.
- The information security policy.
- Their contribution to the effectiveness of the information security management system, including the benefits of improved information security performance.
- The implications of not conforming with the information security management system requirements.
7.4 Communication
- The content of the communication.
- When to communicate.
- With whom to communicate.
- Who shall communicate.
- The processes by which communication shall be effected.
7.5 Documented Information
7.5.1 General Considerations
The organization's information security management system shall include:
- The documented information required by this International Standard.
- The documented information that the organization has determined to be necessary for the effectiveness of the information security management system.
NOTE: The extent of documented information for an information security management system can differ from one organization to another due to:
1. The size of the organization and its type of activities, processes, products and services.
2. The complexity of processes and their interactions.
3. The competence of persons.
When documented information is created and updated, the organization shall ensure, as appropriate, the following:
- Identification and description (for example, title, date, author or reference number).
- Format (for example, language, software version, graphics) and media (for example, paper, electronic).
- Review and approval for suitability and adequacy.
7.5.3 Control of Documented Information
The documented information required by the information security management system and by this International Standard shall be controlled to ensure that:
- Distribution, access, retrieval and use.
- Storage and preservation, including preservation of legibility.
- Control of changes (for example, version control).
- Retention and disposition.
Documented information of external origin that the organization has determined to be necessary for the planning and operation of the information security management system shall be identified and controlled, as appropriate.
NOTE: Access implies a decision regarding permission solely to view the information
8. Operation
8.1 Operational Planning and Control
The organization shall plan, implement and control the processes needed to meet information security requirements and to implement the actions determined in clause 6.1. The organization shall also implement plans to achieve the information security objectives determined in clause 6.2.
To the extent necessary, the organization shall keep documented information in order to have confidence that the processes have been carried out as planned.
The organization shall control planned changes and review the consequences of unintended changes, taking action to mitigate adverse effects where necessary.
The organization shall ensure that externally contracted processes are controlled.
8.3 Information Security Risk Treatment
9. Performance Evaluation
9.1 Monitoring, Measurement, Analysis and Evaluation
The organization shall evaluate the information security performance and the effectiveness of the information security management system.
- What needs to be monitored and what needs to be measured, including information security processes and controls.
- The methods for monitoring, measurement, analysis and evaluation, as applicable, to ensure valid results.
NOTE: The methods selected must produce comparable and reproducible results to be considered valid.
- When the monitoring and measurement shall be performed.
- Who shall monitor and measure.
- When the results of monitoring and measurement shall be analysed and evaluated.
- Who shall analyse and evaluate these results.
9.2 Internal Audit
- Conforms to:
  1. The organization's own requirements for its information security management system.
  2. The requirements of this International Standard.
- Is effectively implemented and maintained.
The organization shall:
- Plan, establish, implement and maintain one or more audit programmes that include the frequency, methods, responsibilities, planning requirements and reporting. The audit programmes shall take into account the importance of the processes concerned and the results of previous audits.
- For each audit, define its criteria and scope.
- Select auditors and conduct audits so as to ensure the objectivity and impartiality of the audit process.
- Ensure that the results of the audits are reported to the relevant management.
- Retain documented information as evidence of the implementation of the audit programme and of its results.
Audit
Audit is defined as the systematic, independent and documented process for obtaining objective evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled.
Objective evidence: data supporting the existence or truth of something.
Objective evidence can be obtained through observation, measurement, testing or by other means.
Objective evidence for the purpose of the audit generally consists of records, statements of fact or other information that are relevant to the audit criteria and verifiable.
Audit criteria: set of requirements used as a reference against which objective evidence is compared.
If the audit criteria are legal (including statutory or regulatory requirements), the words "compliance" or "non-compliance" are often used in an audit conclusion.
Requirements can include policies, procedures, work instructions, legal requirements, contractual obligations, etc.
Audit scope: refers to the extent and boundaries of an audit.
The audit scope generally includes a description of the physical and virtual locations, functions, organizational units, activities and processes, as well as the time period covered.
A virtual location is where an organization performs work or provides a service using an online environment that allows persons, irrespective of physical locations, to execute processes.
- The results of the risk assessment and the status of the risk treatment plan.
- Opportunities for continual improvement.
The outputs of the management review shall include decisions related to continual improvement opportunities and any need for changes to the information security management system.
The organization shall retain documented information as evidence of the results of management reviews.
The Management Review minutes must include at least the following points and be numbered in consecutive order.
1. Follow-up actions on the agreements in the minutes of the previous ISMS Committee meeting.
2. Changes in external and internal issues that are relevant to the ISMS.
3. Feedback on information security performance, including trends in: nonconformities and corrective actions.
4. Monitoring and measurement results.
5. Audit results.
6. Fulfilment of information security objectives.
7. Feedback from interested parties.
8. Results of the risk assessment and status of the risk treatment plan.
9. Opportunities for continual improvement.
10. Improvement
10.1 Nonconformity and Corrective Actions
When a nonconformity occurs, the organization shall:
- React to the nonconformity and, as applicable:
  1. Take action to control and correct it.
  2. Deal with the consequences.
- Evaluate the need for action to eliminate the causes of the nonconformity, so that it does not recur or occur elsewhere, by:
  1. Reviewing the nonconformity.
  2. Determining the causes of the nonconformity.
  3. Determining whether similar nonconformities exist, or could potentially occur.
- Implement any action needed.
- Review the effectiveness of the corrective actions taken.
- If necessary, make changes to the information security management system.
Corrective actions shall be appropriate to the effects of the nonconformities encountered.
The organization shall retain documented information as evidence of:
- The nature of the nonconformities and any subsequent actions taken.
- The results of any corrective action.
10.2 Continual Improvement
Annex 1: Terms and Definitions
Workshop: Review the Information Security Terms and Definitions