ISO 27001 Certification

Guest user Created:   Feb 23, 2021 Last commented:   Feb 23, 2021

I have a question on the ISO 27001 certification, which you might help with.

1. What is the frequency of auditing of the certification after an organization is certified?
2. Is there a difference in the depth of auditing controls between the initial certification audit and the successive audits?
Expert
Rhand Leal Feb 23, 2021

1. What is the frequency of auditing of the certification after an organization is certified?

Normally, certification bodies establish a one-year interval between surveillance audits, but in specific cases, this interval can be shorter.

When surveillance audits are annual, in year 3 only the recertification audit is needed.

2. Is there a difference in the depth of auditing controls between the initial certification audit and the successive audits?

The difference is related to controls coverage (the depth of audit is generally the same). Only during certification audits, all controls in the SoA must be audited. During each surveillance audit, the auditor can cover only part of the controls, provided that all controls are audited during the certification cycle (e.g., if you have 3 surveillance audits between certification audits, all controls must be audited at least once in these three audits).

This article will provide you a further explanation about surveillance audits:

This material will also help: 
