ISO Bootcamp Webinar Series: Part 3 - The Audit Process
Getting ISO 27001 certified is often a necessity to win more business, and the more you dig into becoming compliant, the more confusing it gets. That’s why we’re doing a three-part ISO 27001 Bootcamp, breaking it all down for you.
Special guest: Chris Denton, Manager of Cyber and Risk Advisory Services at Marcum LLP
In the final part of our ISO 27001 Bootcamp we will dive into:
- Auditor selection
- The three-year audit cycle
- The certification audit
- The surveillance audit
00:00 - 01:42 Introductions and housekeeping
01:45 - 06:00 Finding the right Auditor
06:01 - 14:25 The process after selecting an Auditor
15:40 - 19:30 What to expect during the initial certification audit
19:40 - 21:40 Auditor identifies non-conformities
21:47 - 26:00 The stage 2 process
27:00 - 31:35 Completing certification audit and receiving a certification mark
31:40 - 32:40 Sharing and leveraging your certification
32:50 - 35:36 What to expect during the year 2 surveillance audit
36:27 - 38:40 Do you need to have the same auditor for all 3 years?
39:00 - 42:00 If you acquire a company in the midst of, or approaching, a surveillance audit, do you need to redo the audit for the new entity?
42:10 - 43:40 Would a big enough change in your scope trigger you to be pushed back into restarting the audit process instead of conducting a year 2 or 3 surveillance audit?
43:10 - 43:40 What is the maximum allowed time between the Stage 1 and Stage 2 audits?
43:45 - 45:45 What does completing an audit remotely look like?
45:50 - 46:40 If the version of your statement of applicability changes do you need a new certificate?