Internal audit after certification
Dear Advisera team, greetings. Just some clarification on the topic of the Internal Audits that one needs to do after the certification. Do we need to audit aspects of ISMS on the IA (like Leadership & Commitment (5.1))? I ask because the external auditors on the surveillance audit will for sure check the ISMS level of implementation on the business, but can I just check on annex A controls? What is mandatory (and what would you recommend)? Many thanks in advance.
ISO 27001 requires an internal audit to be performed considering all mandatory requirements from sections 4 to 10 and all controls identified as applicable in the Statement of Applicability. Considering that, you have to audit section 5.1, regardless of whether the external auditors will audit this clause.
This article will provide you with a further explanation about surveillance audits:
- Surveillance visits vs. certification audits https://advisera.com/27001academy/knowledgebase/surveillance-visits-vs-certification-audits/
These materials will also help you regarding internal audit:
- ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
- ISO 27001:2013 Internal Auditor Course https://advisera.com/training/iso-27001-internal-auditor-course/
Feb 11, 2020