Understanding the ISO 27001 Certification Audit Process It's one of the most common questions we get asked as organisations pursue ISO 27001. What happens at the certification audit? Firstly, the certification audit is undertaken in two parts a Stage 1 audit and a Stage 2 audit, both undertaken by a certification body. The audits have two distinct roles. Stage 1: Documentation Review The first stage is primarily a desk-based assessment where auditors examine your Information Security Management System (ISMS) documentation to see if you are ready [...]