Skip to content

Your glossary for risk and compliance

Helpful definitions of all of the terms you need to know to better manage risk and compliance.

ISO 27001
Cyber security

What is the ISO 27001 stage 2 audit?

The ISO 27001 Stage 2 Audit—also known as the Main or Certification audit—is the second part of the two-stage external ISO certification process and follows the successful completion of the Stage 1 audit. The Stage 2 Audit consists of the auditor performing tests to ensure an organization’s Information Security Management System (ISMS) was properly designed and implemented and is functioning appropriately. The auditor will also evaluate the fairness and suitability of the organization’s controls to determine if the controls have been implemented and are operating effectively to meet the ISO 27001 standard requirements.

An ISO 27001 certification is valid for three years; however, ISO requires surveillance audits be performed each year to ensure the ISMS and its implemented controls continue to operate effectively. Every 12 months during the three-year cycle, an organization’s ISMS must undergo an external audit, where an auditor will assess portions of the ISMS.

Back to glossary search

Why businesses and advisors choose 6clicks

It's faster, easier and more cost effective than any alternative.

6clicks Circle Logo

Powered by artificial

Experience the magic of Hailey, our artificial intelligence engine for risk and compliance.

6clicks Circle Logo

Unique Hub & Spoke architecture

Deploy multiple teams all connected to a hub - perfect for federated, multi-team structures.

6clicks Circle Logo

Fully integrated
content library

Access 100's of standards, control sets, assessment templates, libraries and playbooks.

Are you ready to experience AI-powered GRC?