In order to meet the requirements of clause 9.2 of the ISO27001 standard certification audit, you need to have evidence of a completed internal audit of your management system by a qualified ISO27001 auditor. If you haven’t got an internal auditor within your organization or the time and resource to train one, then outsourcing your internal audit is the best option.
If this is your first certification audit or you’re recertifying, you’ll need to complete an internal audit of your full ISMS. If it’s your annual surveillance audit you may only require an internal audit of certain management system requirements or specific controls of Annex A, such as A.6, A.8 etc, in accordance with a defined audit schedule.
Whatever your internal audit requirements, CertiKit can help! Our qualified ISO27001 lead auditors provide an internal audit service remotely via MS Teams to clients in the UK, the EU and those +/- 2 hours of the UK time zone.
The audits will consist of a combination of document review and remote discussions with appropriate management and staff. Relevant documented information will be reviewed as evidence that the defined processes and procedures are being followed.
After the audit we provide a professionally compiled report that details:
Let us help you meet your ISO27001 internal auditing requirements in three simple steps.
Please note, CertiKit’s audits are performed remotely via MS Teams by our consultants in the UK and are most suitable for organizations +/- 2 hours of UK time zone. CertiKit are not a Registered Certification Body and cannot provide you with a formal management system certification.
Who is required at the internal audit?
Representatives within the scope of activities being audited, plus any other representatives as needed.
How frequently does an organization need an internal audit?
It is a requirement of the standard that an organization defines an audit plan covering a period of time, typically organizations prepare an annual audit schedule showing which functions or areas of the standard are to be audited at a particular time. Internal audits should be carried out in accordance with the audit schedule.
How much do internal audits cost?
This is dependent on multiple factors from audit scope to size of the organization and number of sites. Submitting an enquiry and completing our audit booking form is the best way to get a quote specific to your organization.
How long will an internal audit take?
This depends on the scope of the audit and if there are multiple sites, or business functions that fall under that audit scope. Time also needs to be factored in for evidence gathering, writing the audit report along with any audit findings and nonconformities that may be identified.
How can an internal audit help prepare for the certification audit?
Internal audits are a requirement of the ISO27001 standard. A certification auditor will verify that you are carrying out internal audits to your audit schedule, and are providing the relevant audit evidence (reports and any nonconformities) and that the audit programme is being managed. Certification bodies will also check that the outputs of audits are being reviewed in your management review meetings to identify areas of weakness or areas for improvement.
What are the additional benefits of an internal audit?