Your security and compliance glossary

All the terms you need to know when you’re trying to get compliance audit ready, fast.


What is the ISO 27001 Stage 2 Audit?

The ISO 27001 Stage 2 Audit—also known as the Main or Certification audit—is the second part of the two-stage external ISO certification process and follows the successful completion of the Stage 1 audit. During the Stage 2 Audit, the auditor performs tests to confirm that the organization’s Information Security Management System (ISMS) has been properly designed and implemented and is functioning as intended. The auditor also evaluates the adequacy and suitability of the organization’s controls to determine whether they have been implemented and are operating effectively to meet the requirements of the ISO 27001 standard.

An ISO 27001 certification is valid for three years; however, ISO requires surveillance audits to be performed each year to ensure the ISMS and its implemented controls continue to operate effectively. Every 12 months during the three-year cycle, the organization’s ISMS must undergo an external audit in which an auditor assesses portions of the ISMS.
