www.InformationsecurityAudtors.com provides a web based tool (www.riesgoriskmanagement.com) for Auditors to capture information relating to ISO27001 compliance.
The difference the tool makes is the manner in which it acquires compliance evidence and how the Auditor is able to determine the level of compliance and potential gaps.
Evidence reflects an organisation’s behaviour not just prior to the arrival of the auditors but possibly going back for the last two quarters.
The solution is a web based tool that sits on the client’s site and access can be restricted or allowed for 3rd parties. Internal auditors will be able to ensure compliance across all business units as long as they have access to the intranet.