First, it is important to note that stages 1 and 2 refer only to certification audits. Internal audits do not need to follow this approach (all activities described below are performed in a single "stage").
Considering that, the ISO 27001 Stage 1 certification audit is also called "Documentation review" - the auditor will evaluate whether you have all the mandatory documentation.
You can find the list of mandatory documents in this blog post: List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
Regarding stage 2, the auditor goes around your company, speaks to your employees, looks for logs and other records, observes the effectiveness of your safeguards (the controls stated as applicable in the Statement of Applicability - SoA), etc.
Learn more about it in this webinar: ISO 27001/ISO 22301: The certification process https://advisera.com/27001academy/webinar/iso-27001iso-22301-certification-process-free-webinar-demand/
This article will provide you with a further explanation about internal audit:
- How to prepare for an ISO 27001 internal audit https://advisera.com/27001academy/blog/2016/07/11/how-to-prepare-for-an-iso-27001-internal-audit/
Sep 19, 2019