Additional ISO 27001 Certification Requirements
In addition to the Stage 1 and Stage 2 audits, the following must be performed to become ISO 27001 certified:
- A periodic and independent internal audit of the ISMS against the requirements of the ISO 27001 standard.
- Many organizations have trouble meeting the internal audit requirement do to the following reasons:
- They do not have personnel that are truly independent. Those responsible for conducting the internal audit should not be auditing functions over which they have operational control or ownership.
To combat these issues, organizations are outsourcing the internal audit requirement to CPA firms, such as Schneider Downs, that possess the appropriate knowledge of internal audit and ISO 27001.
Our ISO 27001 Internal Audit Approach
We begin our assessment by working closely with you to understand your business processes in order to understand your ISO 27001 compliance scope. We will work with and interview key individuals within the business and information technology services responsible for implementing the ISO 270001 controls to understand information security policies, procedures, and practices. We will evaluate your compliance with all control requirements through review of documentation supporting the operating effectiveness of controls. When our evaluation is complete, we will provide your organization with a detailed ISO 27001 compliance assessment report outlining corrective action plans with a detailed roadmap for achieving ISO 27001 compliance.