Your security and compliance glossary

All the terms you need to know when you’re trying to get compliance audit ready, fast.

Show filters
GLOSSARY
ISO 27001
ISO 27001 Stage 1 Audit

What is the ISO 27001 Stage 1 Audit?

The ISO 27001 Stage 1 Audit is the first part of the two-stage external ISO certification process. The Stage 1 Audit consists of an extensive documentation review in which an external ISO 27001 auditor reviews an organization’s policies and procedures to ensure they meet the requirements of the ISO standard and the organization’s Information Security Management System (ISMS). After completing the Stage 1 audit, the auditor will provide feedback outlining whether the organization is ready to move to the Stage 2 audit


If the auditor determines the ISMS fails to meet the requirements of the ISO 27001 standard, the auditor will typically outline areas of concern—referred to as nonconformities—and will require corrective action or corrective action plans before proceeding to the Stage 2 audit.


An ISO 27001 certification is valid for three years; however, ISO requires surveillance audits be performed each year to ensure the ISMS and its implemented controls continue to operate effectively. Every 12 months during the three-year cycle, an organization’s ISMS must undergo an external audit, where an auditor will assess portions of the ISMS.

The compliance news you need. Delivered securely to your inbox.

Subject to Vanta's Privacy Policy, you agree to allow Vanta to contact you via the email provided for marketing and other purposes

Everything you need to get compliance audit ready, fast.