Internal audit
1. Must the first internal audit be executed before the certificate audit?
2. If so, must it cover every area, or is it OK to audit some areas after the certification audit?
1. Must the first internal audit be executed before the certificate audit?
Internal audit is a mandatory requirement of ISO 27001 (clause 9.2), so at least one audit cycle, covering all ISO 27001 requirements, must be performed before going for a certification audit.
For further information, see:
- How to prepare for an ISO 27001 internal audit https://advisera.com/27001academy/blog/2016/07/11/how-to-prepare-for-an-iso-27001-internal-audit/
This material can also help you:
- ISO 27001:2013 Internal Auditor Course https://advisera.com/training/iso-27001-internal-auditor-course/
- ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
2. If so, must it cover every area, or is it OK to audit some areas after the certification audit?
For certification purposes, the internal audit must cover the whole ISMS scope before the certification audit.
Mar 24, 2020