Your security and compliance glossary

All the terms you need to know when you’re trying to get compliance audit ready, fast.

Show filters

What is the ISO 27001 Stage 1 Audit?

The ISO 27001 Stage 1 Audit is the first part of the two-stage external ISO certification process. The Stage 1 Audit consists of an extensive documentation review in which an external ISO 27001 auditor reviews an organization’s policies and procedures to ensure they meet the requirements of the ISO standard and the organization’s Information Security Management System (ISMS). After completing the Stage 1 audit, the auditor will provide feedback outlining whether the organization is ready to move to the Stage 2 audit

If the auditor determines the ISMS fails to meet the requirements of the ISO 27001 standard, the auditor will typically outline areas of concern—referred to as nonconformities—and will require corrective action or corrective action plans before proceeding to the Stage 2 audit.

An ISO 27001 certification is valid for three years; however, ISO requires surveillance audits be performed each year to ensure the ISMS and its implemented controls continue to operate effectively. Every 12 months during the three-year cycle, an organization’s ISMS must undergo an external audit, where an auditor will assess portions of the ISMS.

{{cta_withimage2="/cta-modules"}}

Additional resources you might like:

Compliance
Event
Fostering a culture of security in an AI world

Join our expert-led session to explore strategies for embedding a security-first culture in an AI-driven world. We'll address unique challenges and share actionable insights to help safeguard your organization.

Compliance
Event
Strategies for scaling your GRC program with automation and AI

As your business grows, there are increasing demands around GRC programs. Join us live, as we discuss what to consider when scaling your GRC program.

Security
Event
How Trust Centers Help Save Time and Accelerate Sales

Join us on October 3rd to discover how trust centers enhance customer confidence, streamline security processes, and drive sales growth, based on IDC’s latest research.

Additional resources you might like:

Compliance
Event
Fostering a culture of security in an AI world

Join our expert-led session to explore strategies for embedding a security-first culture in an AI-driven world. We'll address unique challenges and share actionable insights to help safeguard your organization.

Compliance
Event
Strategies for scaling your GRC program with automation and AI

As your business grows, there are increasing demands around GRC programs. Join us live, as we discuss what to consider when scaling your GRC program.

Security
Event
How Trust Centers Help Save Time and Accelerate Sales

Join us on October 3rd to discover how trust centers enhance customer confidence, streamline security processes, and drive sales growth, based on IDC’s latest research.

Compliance
Event
Streamline governance, risk, and compliance workflows and save hours

Join us to learn how Vanta can streamline governance, risk, and compliance workflows, automate control monitoring, and help your team save valuable time.

Compliance
Event
How to streamline ISO 27001 and SOC 2 compliance with automation

Join Vanta’s 45-minute live product demo to learn how Vanta can help you achieve security standards like ISO 27001 or SOC 2 move towards a state of continuous compliance.

Product updates
Blog
Vanta’s latest product capabilities accelerate compliance for startups

For startups, Vanta has what you need to get compliant fast and stay compliant with ease in one integrated platform.

Product updates
Event
The Future of GRC

Join our virtual event broadcast to hear product updates and renowned security experts on the future of GRC.

Compliance
Event
Save time on security reviews with Questionnaire Automation & Trust Center

Join us to learn how Questionnaire Automation & Trust Center help security teams with questionnaires.

HIPAA
Event
Choosing the right HITRUST certification level and streamlining implementation

As an authorized reseller, Vanta’s pre-built HITRUST solution natively includes the necessary controls, documents, and policies - eliminating the manual “do-it-yourself” approach that other platforms require. Curious to see this in action? Join Vanta and HITRUST for a live session!