ISO 27001 certification audit training

	See also...  Guidance service for ISO 27001 implementation  ISO 27001 status overview  General presentation of our ISO 27001 services  HSC ethical and deontological guidelines

Objective of the service

To assist the customer in getting ready for the certification audit. For this, the HSC consultants use the exactly same approach and methods than the certification auditors. This service is a mock certification audit.

In which cases to select this service

You have implemented an Information Security Management System and you want to ensure that you are effectively ready before calling the certification auditors.

Results of the service

We deliver you two reports:

• An audit report summaring every observed non-conformity and corrective/preventive actions that are proposed by the audited party. This report can be integrated by the customer in his ISMS as an outsourced internal audit report.
• A advice report giving all recommendations that are to be taken into consideration before calling the certification auditors.

Detailled description

The consultants perform the audit of the ISMS in the same conditions as during a real certification. Consequently, they use the ISO 19011 approach which requires two well-defined steps:

• First step: Documentation review
• Second step: Main audit

First step: Documentation review

During this review, the HSC consultants look over the ISMS documentation, conforming to ISO 27001 chapter 4.3.1. A particular consideration is focused on the following documents:

• ISMS policy
• ISMS scope
• Statement of Applicability (SoA)
• Risk management procedure
• Risk assessment report
• Risk treatment plan
• Etc.

Second step: Main audit

The HSC consultants audit each requirement of the ISO 27001 standard as they are implemented in the customer organisation. The objective is to ensure the compliance of the practice with the documentation.