When does the surveillance audit take place?

Prepare for the PECB Certified ISO/IEC 27001 Lead Auditor Exam with our comprehensive quiz. Test your knowledge with multiple-choice questions and detailed explanations. Get exam-ready!

Surveillance audits are a critical part of the ongoing compliance process following the initial certification of an organization's management system against a standard such as ISO/IEC 27001. They typically take place after an organization has obtained certification to ensure that the management system continues to meet the required standards over time.

The purpose of a surveillance audit is to evaluate the effectiveness of the management system in continuously managing information security risks, verifying adherence to the ISO standard, and confirming that the organization maintains its compliance with the requirements. Surveillance audits are generally scheduled at regular intervals, often annually, to provide ongoing assurance to stakeholders about the robustness and effectiveness of the information security management system.

The other options describe processes that occur at different stages of the certification journey. The stage 2 audit represents the final assessment prior to certification, while an audit follow-up occurs as a result of findings from previous audits. The option regarding the period before the initial audit does not apply, as there would be no need for surveillance until after certification has been achieved.
