ISO 27001 Certification

ISO 27001 Certification Proven Process Explained! Step 6: Conduct an Internal Audit


Last Updated on August 5, 2019

This short post is the sixth in a series that explains in straightforward terms the process we follow to build an ISO 27001 certifiable Information Security Management System (ISMS). You can access our entire proven process here.
We hope you find these bite-sized posts useful for understanding how ISO 27001 certification is achieved, and what it could look like for your organization. You may want to read them in order, starting with Step 1. Enjoy!
A hallmark of ISO 27001 is the requirement that management ensures “the suitability, adequacy, and effectiveness” of the ISMS. The key to doing this is a well-designed ISMS Internal Audit program.
The two-part goal of your Internal Audit program is:

  1. To identify what is working well; and
  2. To document what isn’t working and how it will be corrected.

The documentation on how you will correct issues is called the Corrective Action Plans (CAPs). Once complete, you can begin working with management to review the results and formally approve the CAPs.
Have questions about ISO 27001 certification or the best way to achieve your information security goals? Contact Pivot Point Security—we specialize in advising organizations on how to manage information security risk.
Access All ISO 27001 Proven Process Step Posts Here:

  1. Understand Your Scope
  2. Understand your InfoSec Controls
  3. Identify and Analyze Information Related Risk
  4. Build a Risk Treatment Plan
  5. Execute the Risk Treatment Plan
  6. Conduct an Internal Audit
  7. Certify Your ISMS
  8. Maintenance, Continuous Improvement and Recertification

Also, here is our ISO 27001 Proven Process PDF

ISO 27001 Recipe & Ingredients for Certification eBrief
Discover what you need to achieve ISO 27001 certification!

This eBrief will give you a quick and easily digestible introduction to the ISO 27001 standard and the process of becoming ISO 27001 certified.
