ISO 19011 – “Under ISO 19011, known as the guidelines for auditing management systems” an audit is defined as a systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled. There are three different types of audits for organizations:

·       1st Party – an organization auditing its own ISO 27001 ISMS (Internal Audit)

·       2nd Party – an organization auditing a supplier (External Audit)

·       3rd Party – an organization being audited by a ISO Certification Body or Registrar (External Audit).  Also known as an ISO Certification Audit.