Expert Advice Community

Internal audit prior to Stage 1 external audit

bootsman Created:   Apr 08, 2019 Last commented:   Apr 10, 2019

A mandatory step before certification audit - stage 1 is performing an internal audit. Does this internal audit need to cover all system elements of ISO 27001 or is it allowed to audit only a few system elements?

Expert
Rhand Leal Apr 10, 2019
Answer:

The purpose of internal audit is to independently check out whether the Information Security Management System (ISMS) is working properly, so for the certification audit you have to audit all requirements from the main section of the standard (from sections 4 to 10), and the implemented controls listed on the Statement of Applicability.

After the certification audit, it is best if the internal audit covers the whole ISMS each year; however, you can decide to plan the internal audit in a 3-year cycle so as to cover the whole ISMS in that period (the period between certification and recertification audits).

This article will provide you further explanation about internal audit:
- Becoming ISO 27001 certified – How to prepare for certification audit https://advisera.com/27001academy/iso-27001-certification/

These materials will also help you regarding internal audit:
- ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
- ISO 27001:2013 Internal Auditor Course https://training.advisera.com/se/iso-14001-internal-auditor-course/o-27001-internal-auditor-course/