Auditing the ISMS

Answer:
If you want to perform an internal audit on an ISMS, you can start reviewing documents and after you can develop a checklist to know what are the main things that the auditor will check, so this article can be interesting for you “How to make an Internal Audit checklist for ISO 27001 / ISO 22301” : https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/

Anyway, basically the checklist includes all the requirements of ISO 27001 that need to be implemented, so the internal auditor will check in these requirements are properly implemented.

Regarding the process, it can be composed by these steps:

1.- Document review
2.- Create the checklist
3.- Panning the main audit
4.- Performing the main audit
5.- Reporting
6.- Follow-up

By the way, we have a toolkit specific focused on the internal audit, so maybe can be useful for you “ISO 27001 / ISO 22 301 Internal Audit Toolkit” : https://advisera.com/27001academy/iso-27001-22301-internal-audit-documentation-toolkit/ (you can download a free version of the toolkit clicking on “DOWNLOAD FREE TOOLKIT DEMO”)

And here you can also see a free version of our checklist for the internal auditor clicking on “Free demo” tab “Internal Audit Checklist” : https://advisera.com/27001academy/documentation/internal-audit-checklist/

Finally, our online course can be interesting for you, because we give more information about the internal audit, and furthermore you can learn how to perform an internal audit “ISO 27001:2013 Internal Auditor Course” : https://advisera.com/training/iso-27001-internal-auditor-course/