Your security and compliance glossary

All the terms you need to know when you’re trying to get compliance audit ready, fast.

Show filters

What is an ISO 27001 internal audit?

An ISO 27001 internal audit involves examining an organization’s Information Security Management System (ISMS) before undergoing an ISO audit with an external auditor. The internal audit aims to help identify gaps or deficiencies that could affect an organization’s ISMS and impact its ability to meet its intended objectives and complete an initial or annual ISO 27001 certification audit.


The internal audit function is a requirement under the ISO 27001 standard. However, unlike a certification review where an organization must use an external third party to conduct the audit, either staff within an organization or an independent third party—such as a consulting firm—can perform an audit. 


When determining its approach to the execution of an internal audit, a company must:

  • Ensure the auditor is objective and impartial, meaning there are no conflicts of interest and that appropriate separation of duties are in place (i.e., the auditor has not implemented or does not operate or monitor any of the controls under audit).
  • Ensure the auditor is qualified and competent regarding auditing processes and procedures, as well as the ISO 27001 standard.


The internal audit results, including nonconformities, should be shared with a company’s ISMS governing body and senior management to ensure oversight and identify issues before proceeding to the external audit.

Additional resources you might like:

ISO 27001
Event
ISO 27001 Compliance for SaaS

On 10 October at 2 PM BST, join the Ask Me (Almost) Anything with Herman Errico and Kim Elias, compliance experts at Vanta. They’ll answer (almost) all your questions about ISO 27001 compliance.

Compliance
Event
Ask Me (Almost) Anything: Security, Compliance & The Remote Workplace

Is your business partially or fully remote? Are you wondering how the remote workplace impacts your compliance and security?

Compliance
Event
Coffee & Compliance: Streamlining SOC 2 compliance with Vanta and AWS

SOC 2 is a sought-after security framework for growing SaaS companies. It demonstrates your ability to safeguard the privacy and security of your customer data. But achieving it can be time-consuming and expensive.

Get compliant and
build trust, fast.