We’re still several weeks away from being ready for an internal audit, but I have questions about the internal and external audits that I wanted to ask now in case it takes us a while to make the necessary arrangements.
1. First, we’re thinking of hiring an auditor with who has experience doing ISO 27001 audits to do our internal audit because this seems like this will give us a better sense of how the external audit will go (thought let me know if this logic is flawed for any reason). Do you have any resources you could point me to on hiring an auditor for the internal audit? Or any tips on how best to find someone?
2. Second, do you have any resources you could point me to on finding a certification body? In particular I believe we’ll want to find one that has auditors in ***. We won’t have any operations in *** until after we get certified (we need to be certified before we're allowed to start work there). But once we start operating in *** there I assume we’ll need an auditor to visit our office there for follow-up audits in 2021 and beyond (again, please let me know if any of these assumptions are wrong).