An internal audit is how you go from gap assessment to ready for external audit.
You don't need to use an external auditor that is your local audit provider; you just need to be sure that the audit provider (certification body) is accredited with an accreditation under IAF (e.g. IAS, UKAS, DAkkS, COFRAC etc).
simonjgreen|3 months ago
External auditors should be selected by looking for ones who themselves are audited by your regional government auditing body. E.g. if you wanted to be audited and certified for ISO27001, and you happened to be in the UK, you may choose BSI as your external auditor, who themselves are audited by UKAS.
It’s a web of trust model.
The purpose of these certificates is to shortcut compliance checks by your customers (or in some cases suppliers).
ISO27Auditor|3 months ago
Any accredited certification body in the world can audit you, and you can also save a lot by opting for a smaller certification body abroad instead of, for instance, one of the big names (I am an auditor for ISO 42001 and ISO 27001 as well).