External audit stage 1: Review of documentation
The ISO 27001 certification audit is conducted in two stages: a documentation review (Stage 1) and the certification audit proper (Stage 2).
In Stage 1, the documentation review, the auditor examines the ISMS (Information Security Management System) as designed: whether the documented policies, procedures and controls are in place, are structured coherently, and cover the requirements of the standard. It assesses the documentation that supports the ISO 27001 controls and safeguards, not yet whether those controls operate effectively in practice, which is the subject of Stage 2.
In the documentation review, the auditor reviews:
Information security policies
Risk assessment reports
Security procedures and controls
Incident response plans
Training records and compliance documentation
Once the Stage 1 review is complete, the auditor reports back to the organization on any gaps or weaknesses found in the documentation. Only after the team addresses these gaps does the organization move forward to Stage 2, the formal certification audit, in which the auditor verifies that the documented controls are actually implemented and effective.