ISO 27001 Internal Audit Timing vs. Certification Audit
Is the ISO 27001 internal audit required to be fully completed prior to the certification audit? The timing of our ISO internal audit conflicts with the certification audit this year.
Assign topic to the user
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
I have gotten a non-conformity in the past for not finished (internal) auditing at least one thing from each chapter and annex chapter. This was in the cert audit. When I asked for the source of the requirement the auditor could not answer me.
I recommend finishing the internal audit before the cert audit so you don't have to have this debate with your external auditor.
Is the ISO 27001 internal audit required to be fully completed prior to the certification audit? The timing of our ISO internal audit conflicts with the certification audit this year.
Internal audit is mandatory according to ISO 27001, so it needs to be fully completed prior to the certification audit.
For further information, see:
- List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
- ISO 27001/ISO 22301: The certification process [free webinar] https://advisera.com/27001academy/webinar/iso-27001iso-22301-the-certification-process-free-webinar/
- Which questions will the ISO 27001 certification auditor ask? https://advisera.com/27001academy/blog/2015/07/20/which-questions-will-the-iso-27001-certification-auditor-ask/
Comment as guest or Sign in
May 16, 2022