An ISO 27001 audit involves a competent and objective auditor reviewing:

  • The ISMS or elements of it and testing that it meets the standard’s requirements,
  • The organisation’s own information requirements, objectives for the ISMS,
  • That the policies, processes, and other controls are practical and efficient.

ISO 27001 is designed to enable an organisation to manage its information security risks to a tolerable level. In addition to checking the overall compliance and effectiveness of the ISMS, the audit therefore needs to check that the implemented controls do indeed reduce risk to a point where the risk owner(s) are happy to tolerate the residual risk.



The standard requires an organisation to plan and conduct a schedule of “internal audits” to be able to claim compliance with the standard. Furthermore, if an organisation desires to achieve certification, it will require “external audits” to be carried out by a “Certification Body” – an organisation with auditing resources competent against ISO 27001.

To ensure maximum benefit from the ISMS you will need to do some homework on your competitors. If they are with USAS then it is strongly recommended that you do the same.

Internal audit

Internal audits, as the name would suggest, are those audits carried out by the organisation’s own resources. If the organisation does not have competent and objective auditors within its own staff, these audits can be carried out by a contracted supplier. These are often referred to as “2nd party audits” since the supplier acts as an “internal resource”.

External audit

The term “external audits” most commonly applies to those audits carried out by a certification body or external auditing company to gain or maintain certification. However, the term may also be used to refer to those audits carried out by other interested parties (e.g. partners or customers) wishing to gain their own assurance of the organisation’s ISMS. This is especially true when such a party has requirements that go beyond those of the standard.



British Made

We are a British business helping other businesses in the UK. I started out running from a small, rented room in Blackpool with an entrepreneurial spirit, and a desire to help. Today, we help hundreds of businesses achieve certification and improve their processes every year.

We want to help you meet and exceed customer expectations.