ISO Bootcamp Webinar Series: Part 3 - The Audit Process

edited September 9 in ISO27001

Getting ISO 27001 certified is often a necessity to win more business, and the more you dig into becoming compliant, the more confusing it gets. That's why we're doing a three-part ISO 27001 Bootcamp, breaking it all down for you.

Special guest: Chris Denton, Manager of Cyber and Risk Advisory Services at Marcum LLP

In the final part of our ISO 27001 Bootcamp we will dive into:

  • Auditor selection
  • The three-year audit cycle
  • The certification audit
  • The surveillance audit


00:00 - 01:42 Introductions and housekeeping

01:45 - 06:00 Finding the right Auditor

06:01 - 14:25 The process after selecting an Auditor

15:40 - 19:30 What to expect during the initial certification audit

19:40 - 21:40 Auditor identifies non-conformities

21:47 - 26:00 The stage 2 process

27:00 - 31:35 Completing certification audit and receiving a certification mark

31:40 - 32:40 Sharing and leveraging the certification

32:50 - 35:36 What to expect during the year 2 surveillance audit


36:27 - 38:40 Do you need to have the same auditor for all 3 years?

39:00 - 42:00 If you acquire a company in the midst of, or approaching, a surveillance audit, do you need to redo the audit for the new entity?

42:10 - 43:40 Would a big enough change in your scope trigger you to be pushed back into restarting the audit process instead of conducting a year 2 or 3 surveillance audit?

43:10 - 43:40 What is the maximum allowed time between a stage 1 and stage 2 audit?

43:45 - 45:45 What does completing an audit remotely look like?

45:50 - 46:40 If the version of your statement of applicability changes, do you need a new certificate?