let me try and respond this although this should be clear on the documentation
For example we create a ISO 27001 Compliance Package, adjust the corresponding ISO 27001 Compliance Analysis with the result of the internal audit
Im not sure if this is a typo or you are using the tool incorrectly. Once you upload a compliance package the task on the compliance analysis module is to link the controls (control catalogue / sec. services) and policies (control catalogue / policies) that address each requirement.
and also add Compliance Analysis Findings related to the result of the internal audit.
the results of your interal audits (i’m assuming you refer to the testing of security services) is not attached to compliance analysis, but to the security services. Since this security services are attached to your compliance requirements the link is closed there.
In this way we are able to have a quick overview of the compliance of the scoped audit and schedule the findings with the right collaborators.
Question 1: Is this the right way?
i think i made a few comments, perhaps you referred to the same steps?
Question 2: Is there another way?
Question 3: Is there a way to import the result of the internal audit, resulting at least with a “complete” Compliance Analysis of the result?
Let me know if your understanding was different from what i describe here, i anyway strongly recommend you use the documentation to refresh what compliance, controls, policiles do aorund. alternatively you can access our latest trainings recordings (they anwyay follow the documentation) if you think tha twould help?