Take the ISO 27001 course exam and get the EU GDPR course exam for free
LIMITED-TIME OFFER – VALID UNTIL SEPTEMBER 30, 2021

Expert Advice Community

Guest

ISO 27001 Certification

  Quote
Guest
Guest user Created:   Feb 23, 2021 Last commented:   Feb 23, 2021

ISO 27001 Certification

I have a question on the ISO27001 Certification, which you might help.

1. What is the frequency of auditing of the certification after an organization is certified.

2. Is there a difference in the depth of auditing controls between the initial certification audit and the successive audits.

0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Feb 23, 2021

1. What is the frequency of auditing of the certification after an organization is certified.

Normally, certification bodies establish a one-year interval between surveillance audits, but in specific cases, this interval can be shorter.

When surveillance audits are annual, in year 3 only the recertification audit is needed.

2. Is there a difference in the depth of auditing controls between the initial certification audit and the successive audits.

The difference is related to controls coverage (the depth of audit is generally the same). Only during certification audits, all controls in the SoA must be audited. During each surveillance audit, the auditor can cover only part of the controls, provided that all controls are audited during the certification cycle (e.g., if you have 3 surveillance audits between certification audits, all controls must be audited at least once in these three audits).

This article will provide you a further explanation about surveillance audits:

This material will also help: 

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Feb 23, 2021

Feb 23, 2021