Process of ISO 27001 Audit

I’m assuming your question is about a certification audit.

Considering that, to successfully clear a certification audit you need to implement the Information Security Management System according to ISO 27001 requirements, which involves:

1. getting management buy-in for the project;
2. defining ISMS basic framework (e.g., scope, objectives, organizational structure), by understanding organizational and requirements of interested parties;
3. development of risk assessment and treatment methodology;
4. perform a risk assessment and define a risk treatment plan;
5. controls implementation (e.g., policies and procedures documentation, acquisitions, etc.);
6. people training and awareness;
7. controls operation;
8. performance monitoring and measurement;
9. perform internal audit;
10. perform management critical review; and
11. address nonconformities, corrective actions, and opportunities for improvement.

This article will provide you a further explanation about ISMS implementation:

• ISO 27 001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/

About required documents, please see this article:

• List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/

To see how documents compliant with ISO 27001 looks like, please take a look at the free demo of our ISO 27001 Documentation Toolkit: https://advisera.com/27001academy/iso-27001-documentation-toolkit/