Guidelines with regard to the necessary competencies that auditors must possess to audit an ISMS

Guidance on managing an audit program and planning and conducting management system audits

Requirements for bodies providing audit and certification services

The customer audits suppliers to make purchasing decisions

The organization is audited by an independent organization to ensure conformity to the specified criteria

The organization audits its external providers to ensure that they are fulfilling contractual obligations

Auditee

Audit team leader

Certification body

No, the auditor cannot disclose information of the auditee under any circumstances

Yes, the auditor can disclose the auditee’s confidential information only after a minimum of two years has passed

Yes, if they are authorized or required by law

To minimize the possibility of not meeting the audit objectives

To reach reliable and reproducible audit conclusions in a systematic audit process

Both A and B

Preparing the audit conclusions

Preparing the audit report

Documenting audit activities and audit findings

First-party audit

Second-party audit

Third-party audit