01/22/2020 4:15PM |
Dina Tarantino |
As ISO/IEC 27701 is a subordinate program to ISO/IEC 27001, consideration shall be given to the amount of witnessing required for ISO/IEC 27701. ISO 27001 already requires annual witnessing.
Agree with Section 5 requiring witness activity, but it should either:
a. Be limited to 1 full system witness and one surveillance over the cycle, with ANAB discretion to increase based on factors in IAF MD 17 2.3.3, OR
b. Keep the annual witness requirement but allow ANAB flexibility to reduce the number of required witness assessments over a cycle based on IAF MD 17 2.3.3.
Reference IAF MD17:2015 2.3.3 “When deciding how many and which audits are to be witnessed, the AB shall take into account factors such as: …”