Your security and compliance glossary

All the terms you need to know when you’re trying to get compliance audit ready, fast.

Show filters

Blogs

Events

Glossary

Guides and reports

What is the ISO 27001 Stage 2 Audit?

‍

The ISO 27001 Stage 2 Audit—also known as the Main or Certification audit—is the second part of the two-stage external ISO certification process and follows the successful completion of the Stage 1 audit. The Stage 2 Audit consists of the auditor performing tests to ensure an organization’s Information Security Management System (ISMS) was properly designed and implemented and is functioning appropriately. The auditor will also evaluate the fairness and suitability of the organization’s controls to determine if the controls have been implemented and are operating effectively to meet the ISO 27001 standard requirements.

‍

An ISO 27001 certification is valid for three years; however, ISO requires surveillance audits be performed each year to ensure the ISMS and its implemented controls continue to operate effectively. Every 12 months during the three-year cycle, an organization’s ISMS must undergo an external audit, where an auditor will assess portions of the ISMS.

‍

Related Terms

Additional resources you might like:

GRC

Events

AI and Trust: Navigating Maturity, Influence, and Risk

Join Ashish Rajan, CISO at Kaizenteq, and Faisal Khan, GRC Subject Matter Expert at Vanta for a tactical conversation on what it really takes to mature compliance, risk, and trust in the age of AI

Compliance

Guide / Report

The ultimate guide to FedRAMP: A requirements guide for authorization

Learn about FedRAMP authorization, from impact levels to compliance steps, to unlock opportunities with U.S. federal agencies.

Compliance

Events

Secure from the Start: How Founders Build Compliance Into Early-Stage Growth

Hear from the Head of Information Security at Robin AI and the Co-Founder & CEO of Pavlov as they share how they embedded security and compliance into their startup journey, without slowing down innovation.

Compliance

Events

Building Trust in the AI Boom: Security, Capital, and Credibility from Day One

Join the CFOs of Vanta and Mercury for a tactical conversation on how early-stage teams can build trust with investors and buyers, without slowing down.

Compliance

Events

Live Demo: Accelerate security and compliance workflows with AI

Join us for a live demo where we’ll walk you through the AI functionality within the Vanta platform and how it can simplify your compliance process. Plus, you’ll have the opportunity to ask live questions—whether it’s about AI specifically, compliance, or how to get started with Vanta.

Compliance

Events

Product Demo: Automating Compliance for ISO 27001, GDPR and more with Vanta

Watch on-demand to explore how Vanta's automation can streamline your compliance efforts and save you time and money - all while helping you build customer trust.

Compliance

Events

Live-Produktdemo: ISO 27001- und SOC 2-Compliance mit Vanta einfach umsetzen

Der Nachweis von Compliance mit einem Sicherheitsrahmensystem wie ISO 27001 oder SOC 2 ist nicht nur für den Ausbau Ihres Unternehmens und die Beschaffung von Kapital unverzichtbar, sondern schafft auch die so wichtige Vertrauensbasis.

GRC

Events

Security, AI, and Trust: What We Learned from the Trust Maturity Report

Listen on-demand for a conversation with Matt Johansen, Founder & Security Researcher at Vulnerable U, as we dig into the findings of the report and explore what trust maturity looks like at every stage of growth.

Compliance

Events

Live Demo: Automating Compliance for SOC 2, ISO 27001, HIPAA, and More

Discover how Vanta’s automation and AI tools can help your team simplify compliance, strengthen security, and scale trust across frameworks like SOC 2, ISO 27001, HIPAA, and more.

Follow us

What is the ISO 27001 Stage 2 Audit?

Related Terms

Additional resources you might like:

Additional resources you might like:

Get compliant and build trust—fast