
Audit checklist

Guest user Created:   Dec 03, 2016 Last commented:   Dec 03, 2016

Can you please share Phase 1 & 2 External audit readiness checklist urgently.

Expert
Rhand Leal Dec 03, 2016

Answer: External audit phase 1 verifies if your documentation (e.g., policies and procedures) complies with ISO 27001:2013 mandatory requirements (e.g., is there an information security policy?), so you have to verify if you meet all "must" statements presented in the standard. Phase 2 looks for evidence that the procedures are implemented and achieving the expected results. The main checklists you have are the Statement of Applicability, where all the controls considered relevant are listed, and the Risk Treatment Plan, which lists how they are implemented. From there you will find which documents and records you have to present to the auditor.

These articles will provide you further explanation about audit readiness:
- List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
- Becoming ISO 27001 certified – How to prepare for certification audit https://advisera.com/27001academy/iso-27001-certification/
- Which questions will the ISO 27001 certification auditor ask? https://advisera.com/27001academy/blog/2015/07/20/which-questions-will-the-iso-27001-certification-auditor-ask/
- Infographic: The brain of an ISO auditor – What to expect at a certification audit https://advisera.com/articles/infographic-the-brain-of-an-iso-auditor-what-to-expect-at-a-certification-audit/

These materials will also help you regarding audit readiness:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
