Expert Advice Community

Guest

Advise on Project timelines for ISO 27001 Certification

  Quote
Guest
Guest user Created:   Mar 04, 2022 Last commented:   Mar 04, 2022

Advise on Project timelines for ISO 27001 Certification

1 - Our ISO 27K implementation project is on track to complete the documentation phase by the end of March. The plan after that is to have all Control records and evidence in place for an Internal Audit by April 22nd.  Thereafter (all being well) the plan is to engage with an external Auditor to commence the external Audit process on June 15th with an aim to be certified by June 30th The question I have is, are these dates realistic? 2 - My second question relates to Major nonconformities.  As I understand it,  if the Audit finds a major nonconformity we have 3 months to correct it.  Is this a fix period, as in we can only move the audit process forward until the 3 months have elapsed, or does it restart after we have resubmitted the evidence that proves we have corrected it.
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Mar 04, 2022

1 - Our ISO 27K implementation project is on track to complete the documentation phase by the end of March. The plan after that is to have all Control records and evidence in place for an Internal Audit by April 22nd.  Thereafter (all being well) the plan is to engage with an external Auditor to commence the external Audit process on June 15th with an aim to be certified by June 30th

The question I have is, are these dates realistic? 

An internal audit can be performed within 1 day, with whatever records you may have, so a three-week period for generating evidence is more than enough to gather evidence for the internal audit.

Two weeks for the certification audit process is a realistic timeframe (in general certification audits last from 2 to 5 days, depending on scope size and complexity).

For further information, see:

2 - My second question relates to Major nonconformities.  As I understand it,  if the Audit finds a major nonconformity we have 3 months to correct it.  Is this a fix period, as in we can only move the audit process forward until the 3 months have elapsed, or does it restart after we have resubmitted the evidence that proves we have corrected it.

The certification audit is not resumed after the nonconformity is corrected. The auditor will verify if the nonconformity is resolved (after the official part of the certification audit is completed) and the evidence is sent to him.

For further information, see:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Mar 04, 2022

Mar 04, 2022

Suggested Topics