What is Internal Auditing?

Internal auditing is another requirement of the ISO/IEC 27001 international standard. Your Information Security Management System (ISMS) must be audited at planned intervals to confirm that it still conforms to the standard and to your own requirements. The audit itself must be independent: auditors must not audit their own work, which many organisations cannot achieve on their own. The external certification audit performed by the UKAS-accredited certification body does not count as an internal audit either, which leaves little choice.

Some organisations already have an individual or team who performs internal audits for other purposes, e.g. FSA regulation. In that case it may simply be a matter of training that individual or team to perform an ISO/IEC 27001 audit. If you do not have this, we can help.

What is involved?

Since external surveillance audits are often every six months, we recommend spreading your internal audits over quarterly visits so that no single visit takes up too much of your time, although six-monthly internal audits are also possible. Internal audits should be scheduled in advance of your external audit so that you have time to rectify any non-conformities we identify before the certification body sees them.

The internal audit plan is discussed and agreed, and we then visit your site(s) to review your ISMS and its implementation against the standard. We identify and report any non-conformities within the ISMS, recommend corrective actions for each non-conformity, and highlight opportunities for improvement.

Next Steps

Call or Email: to discuss your internal audit requirements with one of our consultants, who will answer any questions you may have and can provide a bespoke solution to help you maintain your certification.

Our consultants are Certified Information Systems Security Professionals (CISSP), so you can be sure we have the skills to deliver.

Already have an Internal Auditor?

If you already have an ISO/IEC 27001 internal auditor and would like an independent review of your audit process, we can still help.

Call Now: 0845 26 90 127

or Email: