For the stage 1 audit, should there be an internal audit performed? Or is having the documention available ok?
Answer:
Yes, should be performed. In accordance with the clause 9.2.3.1.1 g) of ISO 17021 (Requirements for bodies providing audit and certification of management systems) : "The stage 1 audit shall be performed to evaluate if the internal audits and management review are being planned and performed
..
Regarding the documentation, it is not mandatory to have a procedure in your ISMS for the internal audit (although can be a best practice), and it is mandatory to have the internal audit report (and the internal audit program). On this article you can see the list of mandatory documents of ISO 27001:2013 List of mandatory documents required by ISO 27001 (2013 revision) : https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
This article can be also interes ting for you How to get certified against ISO 27001? : https://advisera.com/27001academy/blog/2010/02/15/how-to-get-certified-against-iso-27001/
Comment as guest or Sign in
Jan 13, 2016