
Confidential Audit Report

Audit Reference: SIT1211
SIT & SIT Co., Ltd
Small business Park
Warboys road,
Scope of the Audit: All data and intellectual property associated with scanning and
storing of documents.
Audit Objective: To assess SIT & SIT Co., Ltd.'s information security system in
accordance with ISO 27001:2005.
The audit was conducted over a two-day period, 10-03-2012 to 11-03-2012, in
accordance with the pre-accepted audit plan (Appendix B attached).
The audit team consists of:
Mr. Vijith Vijayan – Lead Auditor
Mr. S Nikhil
Representative of SIT & SIT:
Mr. David Brown, Managing Director
Mr. Peter Jones, Technical Director
Mr. Jack Dolan, Business Manager & ISMS Manager
The audit was conducted against SIT & SIT Co., Ltd. ISMS SoA Version 1 dated
A total of 4 nonconformities (reference Appendix A attached), numbered NC1 to NC4, were
found during this audit. The distribution of the nonconformities by department is as
Head Office: 3
In all the other departments no nonconformities were found.
Over the two-day period (4 man-days), it was found that the information security system being
operated by SIT & SIT was as follows:


System Implementation

The ISMS was found to address all of the requirements within ISO 27001,
client contracts and identified legal requirements

The nonconformities found were in areas where controls had not been
successfully implemented

System effectiveness

Once the nonconformities have been addressed, the ISMS will be capable of
consistently achieving its stated policy and objectives

As there were 3 other offices where no nonconformities were found, this must be viewed
as a positive sign. A total of nine nonconformities were raised. There was no underlying
trend in the nonconformities.

We would like to draw your attention to the excellent ISMS awareness training system you have set up. The motivation and understanding of the ISMS system by your staff was very good, and please pass on our thanks to them.

Registration is being recommended subject to the receipt of a corrective action plan (within 3 Weeks). The plan will be reviewed and on acceptance the recommendation will be forwarded to our certification team.

Signature: __________________________
Team Leader

Distribution List: Client, File, Archive

This report is confidential

Internal audits may not require the same depth of documentation of reporting but the records retained will include at least the following:

Reference and date of the audit
Works/department/office/section audited
Scope of the audit and objective if there is one outside the stated objectives in the ISMS manual
Names of auditor(s), audit programme, and audit checklists plus nonconformities
Auditor notes
Summary and conclusions of the audit records and corrective action taken