Expert Advice Community


Performing audits

Guest user Created:   Mar 02, 2019 Last commented:   Mar 02, 2019


1. How are the audits conducted?

Expert
Rhand Leal Mar 02, 2019

Answer: Certification audits are conducted according to these stages:
- Documentation review: at this stage the auditor checks if all mandatory policies, procedures, plans and records are in place.
- Main audit: at this stage the auditor, by means of techniques such as observation, interviews and log review, checks if processes and personnel are performing according to what is documented. It is at the end of this stage that any identified non-compliance is raised.
- Surveillance visits: once you get certified, you have to keep the system working during the three-year certification period. To ensure that, an auditor will come periodically to check if the system is in place and ask for adjustments when needed.

These articles will provide further information:
- Becoming ISO 27001 certified – How to prepare for certification audit https://advisera.com/27001academy/iso-27001-certification/
- ISO 27001/ISO 22301: The certification process [free webinar on demand] https://advisera.com/27001academy/webinar/iso-27001iso-22301-certification-process-free-webinar-demand/
- Major vs. minor nonconformities in the certification audit https://advisera.com/27001academy/blog/2014/06/02/major-vs-minor-nonconformities-in-the-certification-audit/
- ISO 27001 Certification: What’s next after receiving the audit report? https://advisera.com/27001academy/blog/2015/05/18/iso-27001-certification-whats-next-after-receiving-the-audit-report/
- Surveillance visits vs. certification audits https://advisera.com/27001academy/knowledgebase/surveillance-visits-vs-certification-audits/

2. What does one take into account when planning for the audit as an auditor?

Answer: The certification auditor has to develop the audit plan to make sure that all documents are compliant with the standard's requirements and that everyone is complying with all the implemented documents. The auditor can do that by means of developing a checklist to help him ask for the necessary documents and records, as well as to identify which process to observe and people to interview.

This article will provide you with further information:
- How to make an Internal Audit checklist for ISO 27001 / ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/
