Your security and compliance glossary

All the terms you need to know when you’re trying to get compliance audit ready, fast.

Show filters

What is an ISO 27001 internal audit?

An ISO 27001 internal audit involves examining an organization’s Information Security Management System (ISMS) before undergoing an ISO audit with an external auditor. The internal audit aims to help identify gaps or deficiencies that could affect an organization’s ISMS and impact its ability to meet its intended objectives and complete an initial or annual ISO 27001 certification audit.

The internal audit function is a requirement under the ISO 27001 standard. However, unlike a certification review where an organization must use an external third party to conduct the audit, either staff within an organization or an independent third party—such as a consulting firm—can perform an audit. 

When determining its approach to the execution of an internal audit, a company must:

  • Ensure the auditor is objective and impartial, meaning there are no conflicts of interest and that appropriate separation of duties are in place (i.e., the auditor has not implemented or does not operate or monitor any of the controls under audit).
  • Ensure the auditor is qualified and competent regarding auditing processes and procedures, as well as the ISO 27001 standard.


The internal audit results, including nonconformities, should be shared with a company’s ISMS governing body and senior management to ensure oversight and identify issues before proceeding to the external audit.

{{cta_withimage2="/cta-modules"}}

Additional resources you might like:

Product updates
Event
The Future of GRC

Join our virtual event broadcast to hear product updates and renowned security experts on the future of GRC.

Compliance
Event
Save time on security reviews with Questionnaire Automation & Trust Center

Join us to learn how Questionnaire Automation & Trust Center help security teams with questionnaires.

HIPAA
Event
Choosing the right HITRUST certification level and streamlining implementation

As an authorized reseller, Vanta’s pre-built HITRUST solution natively includes the necessary controls, documents, and policies - eliminating the manual “do-it-yourself” approach that other platforms require. Curious to see this in action? Join Vanta and HITRUST for a live session!

Additional resources you might like:

Product updates
Event
The Future of GRC

Join our virtual event broadcast to hear product updates and renowned security experts on the future of GRC.

Compliance
Event
Save time on security reviews with Questionnaire Automation & Trust Center

Join us to learn how Questionnaire Automation & Trust Center help security teams with questionnaires.

HIPAA
Event
Choosing the right HITRUST certification level and streamlining implementation

As an authorized reseller, Vanta’s pre-built HITRUST solution natively includes the necessary controls, documents, and policies - eliminating the manual “do-it-yourself” approach that other platforms require. Curious to see this in action? Join Vanta and HITRUST for a live session!

Compliance
Event
How to Automate ISO 27001 & SOC 2 Compliance

Join Vanta’s 45-minute live product demo. Two of our team members will walk you through the platform and answer your questions in real time.

Compliance
Event
Demystifying the EU AI Act

Ready to Navigate the EU AI Act? Join us for our webinar, “Demystifying the EU AI Act” where we'll break down everything you need to know about this game-changing regulation.

Compliance
Event
How Traffyk.ai Used Compliance to Unlock Enterprise Opportunities

Watch our webinar with Traffyk.ai as we demystify the compliance process. We will explore how Traffyk.ai, a SaaS Employee Communications Performance Platform, leveraged Vanta’s automation to streamline their ISO 27001 certification process, ultimately helping them secure enterprise clients.

Compliance
Event
How to Automate SOC 2 & ISO 27001 Compliance

Join Vanta’s 45-minute live product demo on August 7th at 11 am PST. Two of our team members will walk you through the platform and answer your questions in real time.

Compliance
Event
How to Automate ISO 27001 & SOC 2 Compliance

Curious about why compliance is so important, which businesses need it, and how Vanta's automation can help you quickly achieve it? Join Vanta’s 45-minute live product demo.

Compliance
Blog
4 takeaways from A-LIGN’s 2024 Compliance Benchmark Report

Get highlights from the report that companies can use to evaluate and enhance their current compliance strategies.