With the ‘dress rehearsal’ stage 1 ISO 27001:2013 audit behind you, stage 2 is upon you all too quickly.
Following the stage 1 audit, you may still have further work to do. If the auditor found any major or minor non-conformances, observations or opportunities for improvement – you must have put a corrective action plan in place as a minimum. It’s unlikely that any auditor or auditing body would recommend you for certification with any major non-conformances still outstanding so this ‘showstopper’ is where you should likely start.
