Glossary- ISO 27001 Stage 1 Audit

An ISO 27001 Stage 1 Audit is the foremost step in the ISO certification process which has two parts in total. Stage 1 Audit includes an extensive documentation review under which an external ISO 27001 auditor reviews the organization’s policies and procedures to ensure that the said organization meets all the requirements imposed by the ISO standard. Once the Stage 1 audit is completed, the ISO 27001 auditor provides feedback outlining the organization’s requirements to move toward the Stage 2 audit

Upon review, If the auditor decides that the organization’s ISMS fails to meet the requirements set by the ISO 27001 standard, they will resume outlining the areas where the issue is concerned. These areas of concern are known as non-conformities and require a solid corrective action plan before you can move forward to pursue the Stage 2 audit.

The ISO 27001 certification is valid for three years. However, the ISO standard states that organizations must monitor audits every year to verify if the ISMS and its imposed security controls are operating effectively. Thereby, every 12 months during the three-year cycle, the ISMS of an organization is open to external audit, where the auditor assesses its effectiveness.