ISO 27001:2022 Your ISMS Internal Audit Reviewed Documents. A Stage 2 Auditor Will Test Controls. These Are Not The Same Activity And The Gap Between Them Is Where Certification Credibility Lives.
Most ISO 27001 internal audits verify documents—but certification auditors test controls. This blog explains how to align internal audit programmes with real audit expectations.