Being Audited to ISO-27001 Explained
Once all the requirements of ISO-27001 have been met, you can apply for an external audit. This would be carried out by a third-party auditor or certification body, such as us, Visual Cyber Security.
We would first review the relevant documentation. This should include the declared policy and scope of the ISMS, documents covering the risk assessment, the risk treatment plan, the Statement of Applicability and the documented security procedures.
We would also check that you have identified and implemented the controls that are appropriate to the size and type of your business. This process is normally carried out at your business premises.
This is followed at a later date by a full on-site audit to ensure that working practices, stated procedures and stated objectives are carried out and that the appropriate records are kept.
After a successful audit from us, a certificate of registration to ISO-27001 will be issued, and surveillance visits will take place once or twice a year to ensure that the system continues to work.
Feel free to talk to one of our CyberGuys on - our team of experts are experienced in their field, friendly, helpful and happy to answer any questions you may have, and we keep the jargon to a minimum.