Audit requirements
Answer:
ISO 27001 does not have a requirement specifically demanding a site visit, but for some requirements (e.g., implementation of corrective actions and continual improvement) and controls (e.g., physical controls like those from Annex A.11), only through on-site observation can the auditors ensure that the ISMS is properly implemented according to ISO 27001. So, regardless of whether it is an internal or external audit, the site visit will be a part of the audit process, especially for certification audits.
In addition, standards that define requirements for certification audits require the certification auditor to perform part of the audit on-site.
This article will provide you with further explanation about planning audits:
- How to prepare for an ISO 27001 internal audit https://advisera.com/27001academy/blog/2016/07/11/how-to-prepare-for-an-iso-27001-internal-audit/
These materials will also help you regarding audits:
- ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
- ISO 27001:2013 INTERNAL AUDITOR COURSE https://advisera.com/training/iso-27001-internal-auditor-course/
Jun 11, 2019