top of page

Audit

ISO 27001 - Information Security Management System

ISO 9001 - Quality Management System

ISO 41001 - Facility Management System

ISO 14001 - Environmental Management System

What is an Audit?

An audit is a tool used to review a process or function to determine if it is fit for purpose. Audits examine and compare a process against the documented version of it to determine if it still meets its aims and goals. In this way, they are great simulators for change and growth within a business, as they can highlight potential areas for improvement.

There are a number of different audits. These audits can be broadly categorised as:

What is an ISO 27001 audit?

An audit is a systematic, independent, objective and documented process for gathering factual data. As part of ISO 27001 certification, a set number of audits must be performed in order to help you identify areas for improvement, ensure you have best practice processes in place and keep your corporate information and data protected.

The key objectives of an ISO 27001 audit are:

  • To ensure that your Information Security Management System (ISMS) is compliant with the ISO 27001 standard

  • To address any issues with the ISMS

  • To identify any potential improvements to the ISMS

 

Driving continual improvement is a key part of the Standards and it is recommended that you carry out regular internal and external audits as part of this process.

What is an ISO 9001 audit?

The ISO 9001 audit is an essential part of becoming and staying ISO 9001 certified. It will help you:

  • Ensure your Quality Management System complies with the ISO 9001 standard

  • Identify and address any issues with your Quality Management System

  • Identify potential improvements to your system

  • Ensure your organisation takes appropriate action to meet its quality objectives.

 

An ISO 9001 audit is a systematic, independent, objective and documented process for gathering factual data. This data will help you identify areas for improvement and ensure you have best practice processes in place.

Driving continual improvement is a key part of ISO 9001. That’s why the standard recommends you carry out regular internal and external audits

What is an ISO 41001 audit?

An audit for ISO 41001 includes a range of questions to check against and gain an understanding of what to put in place and be doing to better optimise your occupational Health & Safety system. Don’t worry though if you don’t have everything in place. CFS audits will provide you with adequate time to address the areas of non-conformance before the a certification process. 

By using our ISO 41001 audit checklist you get the most out of your safety management systems stress free.

Full compliance is necessary before you can achieve certificate. The ISO 41001 audit checklist covers the seven main areas of the ISO 41001 Standard, and asks questions in the following areas:

  • Context of the organisation

  • Leadership

  • Planning

  • Support

  • Operation

  • Performance evaluation

  • Improvement

What is an ISO 14001 audit?

An ISO 14001 audit is an essential part of implementing the ISO 14001 Environmental Management System (EMS).

It is a systematic, independent, objective and documented process for gathering facts in order to identify areas for improvement and ensure you have best practice processes in place.

Regular audits of your ISO 14001 management system and the processes within it will help you to:

  • Ensure your organisation’s EMS is ISO 14001 compliant

  • Verify that your organisation is taking suitable action to meet the ISO standard

  • Address any issues you have with the ISO 14001 framework

  • Identify ways to improve your implementation of the standard

 

The ISO 14001 standard recommends you carry out regular internal and external audits which is why auditing is an important part of our ISO 14001 certification process, CFS are here to support you though the whole process.

ISO Audit

ISO Internal audits

Internal audits should be formal, impartial, objective, and organised in accordance with your internal audit procedures. They should inspect your company’s processes and check that your policies and procedures comply with those documented within your Information Security Management System/Quality Management System. Auditors find that using a checklist to record evidence helps them to perform consistent audits as well as evaluate the extent to which the process they are looking at aligns with the documentation. By looking at how things are done and comparing them with how they should be done, you can identify areas for improvement. You should record these observations and review the audit results at regular management review meetings, which should occur between one and four times a year.

Audit-Cyber Framework Solutions

Recertification Audit

A Recertification Audit is performed at the start of a certification cycle. Its purpose is to ensure that a business has been maintaining its Management System correctly and that all documented procedures comply with the ISO Standard.

This type of audit is in-depth and will look at all documented processes.

Businesses looking to maintain their certification must sit Recertification Audit as it is a requirement that certified bodies such as Cyber Framework Solutions ensure the ongoing compliance of a certified organisation against strict guidelines.

Compliance-Audits

Compliance Audit

Businesses who have a Management System, but no agreement for on-going audit support, may wish to confirm that their system is compliant with ISO Standards.

This is where the Compliance Audit comes in.

This in-depth check of a Management System compares it against the ISO Standard, ensuring that it meets all of the requirements.

This type of audit isn’t appropriate for all businesses but for those who already have their Management System prepared, and the correct processes in place, it can be a convenient and affordable option

Internal Audits Cyber Framework Solutions

Remote Audit

A Remote Audit is an off-site Surveillance Audit – a periodic review of an organisation’s Management System, usually performed once a year. The audit is conducted using email and other resources to view and audit the necessary documentation.

As with the on-site version, a Remote Audit focuses on a few sections of the Management System, acting as one part of a plan to cover the entire Management System by the end of the certification cycle.

This type of audit isn’t appropriate for all businesses but for those who qualify it can be a more convenient option than an on-site Surveillance Audit.

bottom of page