An information security management system that meets the requirements of ISO/IEC 27001 preserves the confidentiality, integrity, and availability of information by applying a risk management process. It gives confidence to interested parties that risks are adequately managed.On the other hand, the auditor birey also interview those responsible for