Surveillance audit
We'll have the first surveillance audit in the next 3 months. Finished our Internal Audit a month ago. I just join the team as a Risk&Compliance Manager. How to we prepare for tbe Surv.Audit? I'd like to have an activities plan, kind of a checklist for preparation.
Assign topic to the user
The approach for the surveillance audit is basically the same for a certification audit, the difference being in the fact that in the surveillance not all ISMS scope is audited. Considering that, for the surveillance audit you should check:
- the documents required by the ISO 27001 standard and any document that exists in the ISMS
- the records used to evidence compliance with the documents (policies, procedures, etc.)
- the status of raised internal and external nonconformities, so they are closed, or on schedule before the surveillance audit starts
These articles will provide you a further explanation about preparing for an audit:
- Which questions will the ISO 27001 certification auditor ask? https://advisera.com/27001academy/blog/2015/07/20/which-questions-will-the-iso-27001-certification-auditor-ask/
- Surveillance visits vs. certification audits https://advisera.com/27001academy/knowledgebase/surveillance-visits-vs-certification-audits/
These materials will also help you regarding preparing for an audit:
- Preparing for ISO Certification Audit: A Plain English Guide https://advisera.com/books/preparing-for-iso-certification-audit-plain-english-guide/
- ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
- Free online training ISO 27001:2013 Internal Auditor Course https://advisera.com/training/iso-27001-internal-auditor-course/
Comment as guest or Sign in
May 19, 2020