ISO 27001 Audit - IT Management Certification

Scope

Enter the scope

Opening meeting

List of attendees of opening meeting and their roles

Are there any Health & Safety issues that might affect the conduct of the audit?

Overview of the company

Review of previous audit findings

Describe the findings and indicate if they have been addressed and in what way

Key themes

Identify key themes

INFORMATION SECURITY MANAGEMENT SYSTEM

ISMS Policy

Does the ISMS policy include a framework for setting objectives?

Does the ISMS policy take into account legal and regulatory requirements?

Does the ISMS policy establish the criteria against which risk will be evaluated?

Has the ISMS policy been approved by management?

Record the date the ISMS policy was last updated

Risk Assessments

Has the risk assessment methodology been defined?

Describe how risks are identified, analysed, evaluated and treated

Record the date the Risk Assessment was last updated

Statement of Applicability

Have control objectives and controls been defined, selected and implemented, or has the justification for their exclusion been documented?

Record the date the SoA was last updated

Operating the ISMS

How is the effectiveness of controls measured to ensure consistent and reproducible results?

Is there a log of actions and events which impact upon the effectiveness of the ISMS? Give examples of records seen

Is there evidence of any improvements to the ISMS?

Is there a documented Control of Documents procedure?

Is there a Control of Records procedure? Are records protected and controlled? Have the controls required to identify, store, protect, retrieve, retain and dispose of records been documented?

MANAGEMENT RESPONSIBILITY

Is there evidence that sufficient resources have been provided to adequately monitor, review, maintain and improve the ISMS?

Is there a training and awareness programme? Give examples of records seen to demonstrate this.

How is the effectiveness of any training given evaluated?

INTERNAL ISMS AUDITS

Have Internal ISMS audits been conducted and is there evidence that they have been planned?

Give dates and examples of audits conducted

MANAGEMENT REVIEW OF THE ISMS

Have management reviews of the ISMS been conducted and recorded?

Give details of the inputs and outputs

Give the date of the latest management review

ISMS IMPROVEMENT

Are there any records of non-conformities? If yes, how have these been addressed and what evidence was seen?

Is there any evidence of preventive action taken to identify potential non-conformities, and evaluation of the need for action? Give examples

Closing meeting

List of attendees of closing meeting and their roles

Major non-conformances

List any MAJOR non-conformances

❌I regret to inform you that on this occasion I am unable to recommend your certification

Minor non-Conformances

List all MINOR non-conformances

Observations and opportunities for improvement

List any observations or opportunities for improvement

I am pleased to be able to tell you that you have met the requirements of the standard and I will therefore be recommending your certification

Sign off the audit