What is the purpose of an ISO 27001 internal audit?

ISO 27001:2017 recommends that organisations undertake internal audits at planned intervals (Clause 9.2). Information security management system (ISMS) internal audits are undertaken to ensure the organisation conforms to its own ISMS requirements and to the requirements of ISO 27001. Internal auditing ensures the management system is implemented and maintained. It also allows organisations to identify any nonconformities and opportunities for improvement. To learn more about auditing an ISMS, please view our ISO 27001 Internal Auditor training course, which provides delegates with the skills to plan, conduct, report and follow up an ISMS internal audit.