Description of the contract
Introduction
ISO 27001 is an internationally recognised standard for managing and maintaining
information security within businesses. It outlines the requirements for an information security management system (ISMS), and provides a framework for establishing, implementing, maintaining and continually improving business information security.
Social Care Wales has held ISO 27001:2013 certification since 2008, achieving our most recent triennial recertification in April 2024. We are amid transitioning to the 27001:2022 standard and are due to transition in February 2025.
What is required / ‘The Requirements’
We are seeking the provision of an ISO 27001 Internal Auditor to evaluate and ensure the continued effectiveness and compliance of our Information Security Management System (ISMS) in accordance with the ISO 27001 standard.
The audit should be performed independently and aligned with the requirements of the ISO IEC 27001:2013 (ISO 27001) standard.
The Internal Auditor will:
- Prepare and agree an ISMS audit scope and engagement letter with Social Care Wales;
- Review and assess the ISMS documentation, including policies, procedures, and controls in line with the standard;
- Plan and execute internal audits, including the preparation of audit plans and schedules;
- Interview relevant personnel and gather evidence to assess compliance and effectiveness;
- Evaluate the implementation of risk assessments and treatment plans;
- Analyse audit findings and prepare detailed reports outlining strengths, weaknesses, and recommendations for improvement;
- Present findings to senior management and relevant stakeholders;
- Follow up on previous audit findings to ensure corrective actions have been implemented;
- Follow through any external certification audit findings and remedial actions received by Social Care Wales.
Please see Specification for more detail
|