Your security and compliance glossary

All the terms you need to know when you’re trying to get compliance audit ready, fast.

Show filters

Blogs

Events

Glossary

Guides and reports

What is the ISO 27001 Stage 2 Audit?

‍

The ISO 27001 Stage 2 Audit—also known as the Main or Certification audit—is the second part of the two-stage external ISO certification process and follows the successful completion of the Stage 1 audit. The Stage 2 Audit consists of the auditor performing tests to ensure an organization’s Information Security Management System (ISMS) was properly designed and implemented and is functioning appropriately. The auditor will also evaluate the fairness and suitability of the organization’s controls to determine if the controls have been implemented and are operating effectively to meet the ISO 27001 standard requirements.

‍

An ISO 27001 certification is valid for three years; however, ISO requires surveillance audits be performed each year to ensure the ISMS and its implemented controls continue to operate effectively. Every 12 months during the three-year cycle, an organization’s ISMS must undergo an external audit, where an auditor will assess portions of the ISMS.

‍

Related Terms

Additional resources you might like:

Product updates

Vanta events | Vanta

Trust is a Team Sport

Join us on March 19th at 10 am PT for our upcoming virtual launch event! Jeremy Epling (CPO at Vanta) will introduce new product capabilities designed with teamwork in mind. Join us to see how Vanta can help you collaborate easily with your extended team of employees, vendors, auditors, and customers—and win together.

ISO 42001

Vanta events | Vanta

Compliance for AI in Europe: Preparing for Emerging AI Laws and Regulation

Join our webinar to explore how ISO 42001 and the EU AI Act help your company stay compliant, secure, and ahead of evolving AI regulations with expert insights and practical strategies.

ISO 27001

Vanta events | Vanta

Live Demo: Simplify ISO 27001 and SOC 2 compliance with Vanta

Join our live demo to see how Vanta automates up to 90% of your ISO 27001 and SOC 2 compliance work, saving you time and reducing manual effort.

Compliance

Vanta events | Vanta

Live Demo: Automate compliance to fuel your startup's growth

Join our 45-min live demo to discover how automating compliance can streamline processes, save time, and fuel your startup’s growth.

Compliance

Vanta events | Vanta

Live Demo: Automating security and compliance workflows

Join our product demo to discover how automation, continuous monitoring, and centralized workflows can streamline your GRC program, enhance control visibility, and improve vendor and buyer security management—all within a single platform.

GRC

Vanta events | Vanta

Unlocking the ROI of GRC: The Business Value of Vanta

Discover how Vanta empowers organizations to achieve exceptional results in their Governance, Risk, and Compliance (GRC) programs.

Compliance

Vanta events | Vanta

Building Trust Beyond Compliance: A Continuous Approach to Security

Watch our special Ask Me Almost Anything (AMAA) session featuring Vanta CISO Jadee Hanson, along with Mandy Matthew, Senior Security Risk Program Manager at Duolingo, and Divya Singh, Senior Director of Compliance and Privacy at Chegg.

Security

Blog

A data-driven look at the top security tools for startups

There’s no shortage of options when it comes to security tools for startups. Here's a data-driven look at the top tools used most frequently by startups.

ISO 27001

Vanta events | Vanta

Live Demo: How to streamline ISO 27001 and SOC 2 compliance with automation

Watch Vanta’s 45-minute demo to see how our platform automates up to 90% of the work for achieving ISO 27001 and SOC 2 compliance, helping you streamline security and move towards continuous compliance.

Follow us

What is the ISO 27001 Stage 2 Audit?

Related Terms

Additional resources you might like:

Additional resources you might like:

Get compliant and build trust—fast