ISO 27001 INTERNAL AUDIT CHECKLIST
List of questions to ask during the ISO 27001 audit.
Get it now 
ISO 27001 INTERNAL AUDIT CHECKLIST
List of questions to ask during the ISO 27001 audit.
Get it now
ISO 27001 INTERNAL AUDIT CHECKLIST
List of questions to ask during the ISO 27001 audit.
Get it now
Is there a standard that requires a surveillance audit to be conducted once a year or its the decision of the certification body.
Answer:
ISO 17021 is a standard that establishes requirements for bodies providing audit and certification of management systems. This standard establishes that the surveillance audit shall be conducted at least once a year. Or in some cases it is performed twice a year (depending of the certification body and the company). Anyway, basically there are 3 types of audit for all ISO standards:
A - First initial certification audit: It is performed only the first year
B - The surveillance audit: It is performed only after the first initial certification audit, and generally it is performed once a year, or in some cases it is performed twice a year.
C - The recertification audit: It is performed only after the first initial certification audit and the surveillance audit, when the certificate expires after 3 years.
This is a cycle (A, B, C) that is repeated after the third year, but removing the first init ial certification audit.
For more information about this, please read this article Surveillance visits vs. certification audits : https://advisera.com/27001academy/knowledgebase/surveillance-visits-vs-certification-audits/
Comment as guest or Sign in
Jan 12, 2016