/ AUDIT REPORT / Job No:
Audit Details
Lead Auditor: / Date:
Type of Audit:
Duration:
Audit Objective: To verify that the approved ISMS continues to be implemented, to consider the implications of changes to that system initiated as a result of changes in the client organisation’s operation, and to confirm continued compliance with certification requirements.
Management System Standard(s): ISO 27001:2013
Company Details
Company Name: / Application Dev & maint Staff: Workstations: Servers: Users: Networks: Internet Connections:
Address: / Contact:
Phone:
Fax:
Email:
Revision Status of Company’s Documented Management System
Policy Documents:
Procedures:
Work Instructions:
Scope:
IMS Assessment Team / Company Representatives
1. / 1.
2. / 2.
3. / 3.
The contents of this report are confidential to the company, as named above, and IMS. As such, distribution to persons not under the employ of either party must be agreed by both parties prior to circulation.
The non-compliances and observations contained within this report are the result of limited sampling and therefore it cannot be assumed that others do not exist. / The signature of the company’s representative indicates their agreement and understanding of the non-compliances and observations found and that are the subject of this report.
Signed:
(Lead Auditor)
Name: / Date: / Signed:
(Company)
Name: / Date:

Form 9G / 13 Page 3 of 5

Audit Summary
General Comments or Concerns and details of any temporary sites:
Comments or concerns regarding the reliability of the organisation’s internal audits and management reviews:
Concerns? Yes No
Comments or concerns regarding the effectiveness of the management system to achieve client’s objectives of the information security policy:
Concerns? Yes No
Comments or concerns regarding progress of planned activities aimed at continual improvement:
Concerns? Yes No
Comments or concerns regarding the functional performance for the periodic evaluation and review of compliance with relevant information security legislation and regulations:
Concerns? Yes No
For Integrated Management Systems; confirm the level of integration has not changed and day allocation remains suitable:
Suitable? Yes No NA
Comments or concerns regarding any changes within the company or system:
Concerns? Yes No
Comments or concerns regarding the organisation’s complaint handling process and use of the IMS and UKAS logos and certificate:
Concerns? Yes No
Recommendations and follow-up action required, confirm audit objective complete:
Audit objective complete: Yes No
Corrective Action Plan Required: Yes No
Objective Evidence Required: Yes No
Recommend Continuation of Certification: Yes No
Any changes made that would require a review by IMS? (staff changes, scope change, major findings, etc.) Yes No
Opening Meeting Mandatory Agenda
Attendees (including organisation’s management team):
(a) / Introduction of participants, including an outline of their roles
(b) / Confirm the scope of certification
(c) / Confirm the audit plan (include the scope of audit, objectives and criteria)
(d) / Establish official communication links between the audit team and company
(e) / Confirmation that resources and facilities needed by the audit team are available
(f) / Review and confirm the confidentiality agreement
(g) / Confirmation of relevant work safety, emergency and security procedures for the audit team
(h) / Confirmation of the availability, roles and identities of any guides and observers
(i) / The method of reporting, including any grading of audit findings
(j) / Information about the conditions under which the audit may be prematurely terminated
(k) / Confirmation that the audit team leader and audit team representing the certification body is responsible for the audit
(l) / Confirmation of the status of findings of the previous review or audit, if applicable
(m) / Methods and procedures to be used to conduct the audit based on sampling
(n) / Confirmation of the language to be used during the audit
(o) / Confirmation that, during the audit, the client will be kept informed of audit progress and any concerns
(p) / Opportunity for the client to ask questions
Notes:


Closing Meeting Mandatory Agenda
Attendees (including organisation’s management team):
(a) / Thank the company for their hospitality and for their assistance and co-operation.
(b) / Overall summary of assessment, non-compliances and observations found during the audit.
(c) / Deliver any non-conformances and observations and explain the timeframe and process for response. Ensure findings have been understood.
(d) / Present recommendation for or against continuing with certification
(e) / Explain the continued surveillance audit cycle
(f) / Explain the appeals process
(g) / Invite questions from the company’s representatives including comments on this report
(h) / Leave a photocopy/electronic copy of the IMS Audit Report with the company.
Notes (if any diverging opinions cannot be resolved, record them here):
