Audit
What is an Audit
An audit is a tool used to review a process or function to determine if it is fit for purpose. Audits examine and compare a process against the documented version of it to determine if it still meets its aims and goals. In this way, they are great simulators for change and growth within a business, as they can highlight potential areas for improvement.
There are a number of different audits. These audits can be broadly categorised as:
ISO Internal audits
Internal audits should be formal, impartial, objective, and organised in accordance with your internal audit procedures. They should inspect your company’s processes and check that your policies and procedures comply with those documented within your Information Security Management System/Quality Management System. Auditors find that using a checklist to record evidence helps them to perform consistent audits as well as evaluate the extent to which the process they are looking at aligns with the documentation. By looking at how things are done and comparing them with how they should be done, you can identify areas for improvement. You should record these observations and review the audit results at regular management review meetings, which should occur between one and four times a year.
Recertification Audit
A Recertification Audit is performed at the start of a certification cycle. Its purpose is to ensure that a business has been maintaining its Management System correctly and that all documented procedures comply with the ISO Standard.
This type of audit is in-depth and will look at all documented processes.
Businesses looking to maintain their certification must sit Recertification Audit as it is a requirement that certified bodies such as Cyber Framework Solutions ensure the ongoing compliance of a certified organisation against strict guidelines.
Compliance Audit
Businesses who have a Management System, but no agreement for on-going audit support, may wish to confirm that their system is compliant with ISO Standards.
This is where the Compliance Audit comes in.
This in-depth check of a Management System compares it against the ISO Standard, ensuring that it meets all of the requirements.
This type of audit isn’t appropriate for all businesses but for those who already have their Management System prepared, and the correct processes in place, it can be a convenient and affordable option
Remote Audit
A Remote Audit is an off-site Surveillance Audit – a periodic review of an organisation’s Management System, usually performed once a year. The audit is conducted using email and other resources to view and audit the necessary documentation.
As with the on-site version, a Remote Audit focuses on a few sections of the Management System, acting as one part of a plan to cover the entire Management System by the end of the certification cycle.
This type of audit isn’t appropriate for all businesses but for those who qualify it can be a more convenient option than an on-site Surveillance Audit.