Internal audit against all clauses of the standard
This relates to ISO 27001 and internal audit. I represent a small organization that is implementing an ISMS and who has just gone through the Stage 1 assessment.
The certification body insists that we should complete a full internal audit against all clauses of the standard as a pre-requisite to Stage 2 and also annually after this. I cannot see anything in the standard that says we must do this.
Is it OK to ask for your views on this?
The certification body quotes ISO 27006 as justification to put things in context, the company currently employs 12 people.
Assign topic to the user
During the certification audit, you need to provide evidence that you are fulfilling all standard requirements (from sections 4 to 10), and has implemented all controls stated as applicable in the Statement of Applicability.
Considering that, by not performing a full internal audit before the certification audit you are not fulling clause 9.2 b), because you are not ensuring all elements of the ISMS are effectively implemented and maintained.
After certification, you only need to align the internal audit activities according to the schedule of the surveillance audits, because the schedule will define what will be audited each year before the next certification audit.
These articles will provide you a further explanation about internal audit:
- Infographic: The brain of an ISO auditor – What to expect at a certification audit https://advisera.com/articles/infographic-the-brain-of-an-iso-auditor-what-to-expect-at-a-certification-audit/
- Surveillance visits vs. certification audits https://advisera.com/27001academy/knowledgebase/surveillance-visits-vs-certification-audits/
These materials will also help you regarding internal audit:
- ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
- Free online training ISO 27001:2013 Internal Auditor Course https://advisera.com/training/iso-27001-internal-auditor-course/
Comment as guest or Sign in
Jun 09, 2020