
Top Reasons for Failing an ISO 27001 Audit

Let’s Talk Audits

If you’ve come across this blog, it’s likely that you already know what ISO 27001 is. However, for those who are unsure or simply need a refresh, ISO 27001 is the internationally recognised standard for Information Security Management. The standards, created by ISO (international organisation for standardisation), exist to ensure high-quality products and services, good health and safety procedures, eco-friendly practices, and more.

The word ‘audit’ is often associated with stress for many Quality Managers or other employees who deal with compliance and the company’s ISO certification. But, audits don’t have to be stressful. By having an awareness of common pitfalls, everything is more likely to run smoothly, and who doesn’t want that?

So, what are some of the top reasons for failing an ISO 27001 audit?

1. Documentation – Or Lack of It…

Poor, missing, or even worse, unpublished documentation is a huge pitfall. You may fail an audit if a required document is unpublished.

It is also worth noting that being able to produce documents is one thing, but consideration also needs to be given to how they will be stored. They should be easy to locate while being protected from accidental loss.

If you learn anything from the mistakes of others when it comes to documentation, ensure you are prepared!

2. Implementation of the Policies, Processes or Procedures

Many fail when it comes to the implementation of the policies, procedures, and processes defined in the organisation’s ISMS (information security management system). Here’s how:

The point where it most often goes wrong is when the auditor speaks to employees. An organisation’s staff are its first line of defence while also having the potential to be the weakest link. In preparation for an impending ISO 27001 audit, you want to ensure you are involving your employees. If you aren’t leaving enough time to involve staff, or simply do not involve them at all, you risk panic in the office followed by some hastily convened communications which the staff have no time to digest.

So, how can you ensure this doesn’t happen? Brief your staff. They’ll thank you for it, and you will thank yourself for it too. By doing so, everyone will be familiar with the applicable policies, procedures, and processes they are expected to comply with. They will also need to be aware of where they can find such policies and procedures. A good way of staying on top of this is through regular training or interactive sessions; this will help keep information security at the forefront of employees’ minds.

3. Surveillance Audit

The third area where you are most likely to fail an audit is the very first surveillance audit. Of course, you can let out a collective sigh of relief upon being awarded your certificate, but never become too comfortable!

Your surveillance audit can creep up on you, and by taking your foot off the pedal things can get missed: documentation becoming out of date, no meeting minutes being kept, or nine months passing since the last staff training or engagement session.

It pays to keep on top of the hard work you’ve done, because a system that is maintained continuously is much easier to maintain than one that is rebuilt before each audit.

We Can Help with the Upkeep of Your ISMS Management Processes

Audits should not be stressful and at Swift, we strive to ensure they run as smoothly as possible. Our dedicated team of experts are specially trained to ensure that you understand what is happening throughout the process, answer any questions and ensure the highest standard of ongoing support and aftercare.

Our specialists use 21st-century methods to help you achieve and maintain your certification, whilst providing excellent customer service.

We know that expertise is crucial to delivering a world-class service, and all our auditors have 15+ years of experience in a broad range of industries, giving you peace of mind that you are in safe hands. We recognise that time is valuable and always conduct our audits within the specified timeframe.
