Skip to content

Your glossary for risk and compliance

Helpful definitions of all of the terms you need to know to better manage risk and compliance.

ISO 27001

What is an ISO 27001 internal audit?

An ISO 27001 internal audit involves examining an organization’s Information Security Management System (ISMS) before undergoing an ISO audit with an external auditor. The internal audit aims to help identify gaps or deficiencies that could affect an organization’s ISMS and impact its ability to meet its intended objectives and complete an initial or annual ISO 27001 certification audit.

The internal audit function is a requirement under the ISO 27001 standard. However, unlike a certification review where an organization must use an external third party to conduct the audit, either staff within an organization or an independent third party—such as a consulting firm—can perform an audit. 

When determining its approach to the execution of an internal audit, a company must:

  • Ensure the auditor is objective and impartial, meaning there are no conflicts of interest and that appropriate separation of duties are in place (i.e., the auditor has not implemented or does not operate or monitor any of the controls under audit).
  • Ensure the auditor is qualified and competent regarding auditing processes and procedures, as well as the ISO 27001 standard.

The internal audit results, including nonconformities, should be shared with a company’s ISMS governing body and senior management to ensure oversight and identify issues before proceeding to the external audit.


Back to glossary search

Why businesses and advisors choose 6clicks

It's faster, easier and more cost effective than any alternative.

6clicks Circle Logo

Powered by artificial
intelligence

Experience the magic of Hailey, our artificial intelligence engine for risk and compliance.

6clicks Circle Logo

Unique Hub & Spoke architecture

Deploy multiple teams all connected to a hub - perfect for federated, multi-team structures.

6clicks Circle Logo

Fully integrated
content library

Access 100's of standards, control sets, assessment templates, libraries and playbooks.

Are you ready to experience AI-powered GRC?