Guest user Created: Feb 01, 2017 Last commented: Feb 01, 2017

Verification audit

Do you know about any binding rule in the ISO27001-framework which states a deadline for having a follow-up /verification audit after a successful stage2-audit (here: after 12 months)? We wonder if the 12month period is starting with date of completion of the last audit or with the issuing date of the ISO certificate. It seems that there are different opinions on that deadline.

0 0

Assign topic to the user

Select user

Expert

Dejan Kosutic Feb 01, 2017

Answer: Rules for the certification audits for all ISO standards are the same: there needs to be at least one surveillance audit every 12 months. Verification audits are used only if you failed the Stage 2 audit, and the auditor needs to check whether you have closed a major nonconformity.

The 12 month period should start with the date of the completion of the last audit, but it would be best if you check this information with a certification body.

See also these articles:
- Surveillance visits vs. certification audits https://advisera.com/27001academy/knowledgebase/surveillance-visits-vs-certification-audits/
- Major vs. minor nonconformities in the certific ation audit https://advisera.com/27001academy/blog/2014/06/02/major-vs-minor-nonconformities-in-the-certification-audit/
- ISO 27001 Certification: What’s next after receiving the audit report? https://advisera.com/27001academy/blog/2015/05/18/iso-27001-certification-whats-next-after-receiving-the-audit-report/

This book also explains a lot about the process: Preparing for ISO Certification Audit: A Plain English Guide https://advisera.com/books/preparing-for-iso-certification-audit-plain-english-guide/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Feb 01, 2017

Expert Advice Community