ISO 27001 Certification

Phase 5: Certification Audit

Certification Roadmap - Phase 5

Certification Audit (Stage 1 & 2)

The Certification Audit phase is the formal evaluation that determines whether your Information Security Management System (ISMS) meets the requirements of the ISO 27001 standard. It is carried out by an accredited certification body in two stages: Stage 1 is a review of your ISMS documentation and readiness, while Stage 2 is a thorough on-site audit of how the ISMS operates in practice. Each stage assesses a different aspect of your ISMS, from the adequacy of the documentation to the implementation and effectiveness of the controls. Successfully completing both stages is required to achieve ISO 27001 certification.
Stage 1

Documentation

Assess the documentation of your ISMS to ensure it meets ISO 27001 requirements
Stage 2

Full Audit

Evaluate the implementation and effectiveness of your ISMS
Results

Outcome

Determines whether your ISMS complies with the ISO 27001 standard and is effectively implemented.
[ Stage 1 ]

Document Review

Purpose

The purpose of Stage 1 is to assess the documentation of your ISMS and confirm that it meets ISO 27001 requirements. This preliminary review identifies gaps or deficiencies in your ISMS documentation before the full on-site audit takes place, so that they can be corrected while there is still time to do so.

Activities

  • Documentation Review: The certification body examines your ISMS documentation, including the ISMS scope, information security policies, procedures, risk assessment and risk treatment results, the Statement of Applicability, and control records.

  • Assessment of Compliance: The auditor evaluates whether the documented policies and procedures align with ISO 27001 requirements and reflect the actual practices within your organization.

  • Readiness Evaluation: The auditor determines whether your ISMS documentation is sufficient to support the on-site audit in Stage 2 and whether your organization is prepared for a detailed evaluation, including whether an internal audit and a management review have already been carried out.

Outcome

  • Preliminary Report: A report outlining the adequacy of your ISMS documentation, identifying any gaps or areas of concern that could become non-conformities at Stage 2 if left unaddressed. This report also assesses your readiness for Stage 2 of the certification audit.

[ Stage 2 ]

Full Audit

Purpose

The purpose of Stage 2 is to evaluate the implementation and effectiveness of your ISMS. This stage is a comprehensive on-site audit that assesses whether your ISMS is operating as documented, whether the controls selected in your Statement of Applicability are actually in place, and whether the ISMS is effectively managing your information security risks.
Audit Activities

On-Site Audit

The certification body conducts a thorough audit of your ISMS on-site, including:
  • Interviews: The auditors interview key personnel to understand how policies and procedures are implemented and followed in practice.

  • Observations: The auditors observe day-to-day operations to assess the practical application of information security controls.

  • Examination of Records: The auditors review records and documentation, such as risk assessment results, access reviews, incident records and internal audit reports, to verify the effectiveness and consistency of your ISMS.

Evaluation of Effectiveness

Assess the overall effectiveness of your ISMS in managing information security risks and achieving ISO 27001 objectives.

Identification of Non-Conformities

Identify any non-conformities, deficiencies, or areas of concern that need to be addressed. Non-conformities are classified by severity: a major non-conformity (for example, a required process that is absent or not operating) must be corrected and verified before certification can be granted, while a minor non-conformity typically requires an accepted corrective action plan that is followed up at the next audit.

Outcome - Audit Report

A detailed report that includes:
  • Findings: Documentation of any non-conformities or areas of concern identified during the audit.

  • Recommendations: Suggestions for improvement to address any issues found and enhance the effectiveness of your ISMS.

  • Certification Decision: Based on the audit results, the audit team recommends for or against certification, and the certification body makes the final decision after reviewing the report and the evidence of any corrective actions that must be completed before certification can be granted.

Outcome

The Certification Audit phase determines whether your ISMS complies with the ISO 27001 standard and is effectively implemented. Stage 1 ensures that your documentation meets ISO 27001 requirements and prepares you for Stage 2. Stage 2 provides a thorough evaluation of your ISMS’s implementation and effectiveness, leading to a final audit report with findings and recommendations. Successfully passing both stages results in the issuance of the ISO 27001 certificate, demonstrating your organization’s commitment to maintaining high standards of information security management. The certificate is issued for a three-year cycle and is maintained through periodic surveillance audits, so the ISMS must continue to operate as audited after certification.

Deliverables

Stage 1 - Preliminary Report

A document detailing the adequacy of your ISMS documentation and readiness for Stage 2.

Stage 2 - Audit Report

A comprehensive report highlighting audit findings, non-conformities, and recommendations for improvement, along with the certification decision.

Get Started With NDB Today

Expert guidance for navigating every phase of the ISO 27001 certification process with ease, from initial assessment to final compliance and beyond.
  • Results to get your company ISO compliant
  • Expert audit guidance through each phase
  • High compliance and audit success rate