4 Principles

 

4.1 Management principles

Quality management principles

The seven quality management principles (cf. figure 4-1) will help us achieve sustained success (ISO 9001, sub-clause 0.2).

Figure 4-1. The 7 quality management principles 

4.2 Audit principles

Audit principles for the auditor, the audit and the auditee

Certain principles must be followed for an audit to be a value-added tool.

For the auditor:

But also:

For the audit:

For the auditee:

An auditor cannot audit their own department as:

No-one should be a judge in his own case. Latin proverb

Minute of relaxation. Cf. joke "The engineer and the shepherd"

4.3 Performance of the ISMS

Performance, effectiveness, efficiency

For an information security management system (ISMS), what is of interest is the degree to which objectives are achieved, in other words, performance. The performance of an ISMS is measured by its effectiveness and, above all, by its efficiency (see figure 4-2).

Figure 4-2. Performance of an ISMS

Effectiveness: capacity to perform planned activities with minimum effort
Efficiency: financial relationship between achieved results and resources used

N.B. We can be effective because we achieved our objective, but are not efficient if we used too many resources or tolerated and produced too much waste!

Minute of relaxation. Game: Audit principles

The rest of the T 44v22 ISO 27001 internal audit version 2022 training is accessible on this page.

See also the training T 24v22 ISO 27001 readiness version 2022 and the training package ISO 27001 version 2022.
