Secure Controls Framework
Download The SCF
ISO 27001

What are ISO 27001 surveillance audit requirements?

Direct Answer

After initial certification, ISO 27001 requires annual surveillance audits by the certification body to verify the ISMS continues to operate effectively. Surveillance audits are shorter than the full certification audit and focus on a sample of controls, any known nonconformities, and organizational changes. A full recertification audit occurs every three years.

Keep Exploring

Relevant Resources

References

Authoritative Sources