ISO 27001 Certification
1. What is the frequency of auditing of the certification after an organization is certified?
Normally, certification bodies establish a one-year interval between surveillance audits, but in specific cases, this interval can be shorter.
When surveillance audits are annual, in year 3 only the recertification audit is needed.
2. Is there a difference in the depth of auditing controls between the initial certification audit and the successive audits?
The difference is related to controls coverage (the depth of audit is generally the same). Only during certification audits must all controls in the SoA be audited. During each surveillance audit, the auditor can cover only part of the controls, provided that all controls are audited during the certification cycle (e.g., if you have 3 surveillance audits between certification audits, all controls must be audited at least once in these three audits).
This article will provide you with further explanation about surveillance audits:
- Surveillance visits vs. certification audits https://advisera.com/27001academy/knowledgebase/surveillance-visits-vs-certification-audits/
This material will also help:
- What to expect at the ISO certification audit: What the auditor can and cannot do https://info.advisera.com/free-download/what-to-expect-at-the-iso-certification-audit
Feb 23, 2021