For the first internal audit of the ISMS prior to certification, what should the scope period be? the past year?
Assign topic to the user
For the first internal audit, the Internal auditor has to review all the relevant facts from the day the ISMS documents became valid. In case this means too many records, the auditor needs to decide how to sample the records.
But it is important to note that certification bodies have their own criteria about the duration of the ISMS operation before the certification, so you must contact them previously to align this situation.
Comment as guest or Sign in
Aug 07, 2020