Expert Advice Community

Various IT audits to an organization

sujansuresh Created:   Jun 01, 2016 Last commented:   Jun 03, 2016

An organization has information assets including network, security, and application assets. What are the various types of audits that can be recommended to the organization from scratch to cover the compliance level? TIA

Antonio Jose Segovia Jun 03, 2016

I am not 100% sure if I have understood the question, but if you have implemented an ISMS (Information Security Management System) based on ISO 27001, you can perform an internal audit to review the compliance level with respect to the standard. So, this article can help you: “How to make an Internal Audit checklist for ISO 27001 / ISO 22301”: https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/

If you have implemented another standard like PCI-DSS (related to the data security of the credit card industry), CMMI (related to software development), or any other, you can also perform an audit to review the level of compliance, and basically you will need to review whether the company is compliant with each requirement of the standard.

If you need more information about PCI-DSS, please read this article: “PCI-DSS vs. ISO 27001 Part 1 - Similarities and Differences”: https://advisera.com/27001academy/knowledgebase/pci-dss/

And this one: “PCI-DSS vs. ISO 27001 Part 2 - Implementation and Certification”: https://advisera.com/27001academy/knowledgebase/pci-dss/

You can also perform technical audits, like vulnerability or penetration testing, although this type of audit does not show a specific level of compliance; it simply gives you information about the weaknesses of your systems.

This article may also be interesting for you: “How to use penetration testing for ISO 27001 A.12.6.1”: https://advisera.com/27001academy/blog/2016/01/18/how-to-use-penetration-testing-for-iso-27001-a-12-6-1/

Finally, we have a very interesting course for ISO 27001 internal auditors, which may be interesting for you: “ISO 27001:2013 Internal Auditor Course”: https://advisera.com/training/iso-27001-internal-auditor-course/

sujansuresh Jun 06, 2016

So detailed. Thank you for the clarifications, end to end clarifications.
