ISO 27001 Audit Checklist

If you are planning your ISO 27001 internal audit, you may be looking for some kind of an ISO 27001 audit checklist.

Every company is different. And if an ISO management system for that company has been specifically written around its needs (which it should be!), each ISO system will be different, and the internal auditing process will be different. We explain this in more depth here.

However, you can create your own basic ISO 27001 audit checklist, customised to your organisation, without too much trouble. Read on to find out how.

By the way, we’re taking a broad, simple approach in this blog. But for the best results, we’d recommend some training to make the whole process much easier. However, sharing some basics will, at least, demystify the process and provide a basic framework.

And these broad principles are applicable to the internal audit of other standards, such as ISO 9001, ISO 14001, etc.

So, some basic steps in the process:-

  • Document review. Quite simple! Read your Information Security Management System (or the part of the ISMS you are about to audit). You will need to understand the processes in the ISMS, and find out whether there are any non-conformities in the documentation with regard to ISO 27001. A call to your friendly ISO Consultant might help here if you get stuck(!)
  • Creating the checklist. Also quite simple – make a checklist based on the document review, i.e., read about the specific requirements of the policies, procedures and plans written in the documentation and write them down so that you can check them during the main audit. For example, if the data backup policy requires the backup to be made every 6 hours, then you have to note this in your checklist in order to check if it really does happen. Take time and care over this! – it is foundational to the success and level of difficulty of the rest of the internal audit, as will be seen later.
  • Planning the main audit. Or “make an itinerary for a grand tour”(!). Plan which departments and/or locations to visit and when – your checklist will give you an idea of the main focus required.
  • Performing the main audit. It is astonishingly practical! Walk around the company, talk to staff, check computers and other equipment, observe physical security, etc. Your previously-prepared ISO 27001 audit checklist now proves its worth – if it is vague, shallow, and incomplete, it is probable that you will forget to check many key things. And you will need to take detailed notes.
  • Reporting. Summarize all the non-conformities and write the Internal audit report. With the checklist and the detailed notes, a precise report should not be too difficult to write. From this, corrective actions should be easy to record according to the documented corrective action procedure.
  • Follow-up. It’s the internal auditor’s job to check whether all the corrective actions identified during the internal audit are addressed. The checklist and notes from “walking around” are once again crucial as to the reasons why a nonconformity was raised. The internal auditor’s job is only finished when these are rectified and closed, and the ISO 27001 audit checklist is simply a tool to serve this end, not an end in itself!

Checklist Format – Some Basic Guidelines

A suggestion to aid simplicity! We’d recommend 4 columns as follows:-

  1. Reference – e.g. the clause number, section number of a policy, within the standard.
  2. What to look for – what to examine, monitor, etc., during the main audit – whom to speak to, which questions to ask, records to look for, facilities to visit, equipment to check, etc.
  3. Compliance – Simply, has the company complied with the requirement? Yes or No, or occasionally “not applicable”.
  4. Findings – Details of the more-specific “findings” of the main audit, i.e. staff spoken to, quotes of what they said, IDs and content of records examined, description of facilities visited, observations about the equipment checked, etc.

So, the internal audit of ISO 27001, based on an ISO 27001 audit checklist, is not that difficult – it is rather straightforward: you need to follow what is required in the standard and what is required in the documentation, finding out whether staff are complying with the procedures.

With a good ISO 27001 audit checklist, your task will certainly be a lot easier.

And if you need our help, or even want us to run some training for you, please drop us a line at


Issues with Jobs

Jobs, job seekers and employers are never friends. They always have a repelling effect on one another. Below are perennial problems of society, and they are increasing day by day:

  • People do not get jobs
  • Employers do not get the right candidate
  • High level of attrition in organizations
  • People are not ready to join even when they are offered a job
  • Please read the blog of our Co-Founder where he has shared his experience on “Why do people leave job?”

We are conducting an interesting webinar on “Why do people fail to get job”. Anyone interested may register here.

In addition to that, we carry out Skill Development, Campus Connect, live project-based training, etc. Expression of interest for converting “Ability to Employability” can be recorded here.


Vijaya Greetings

Dear Well Wisher,

Subha Bijaya from Prime!

Trust you have spent good times with your family, friends and relatives. Durga Puja, being one of the largest festivals in Bengal, gives all of us the desired break in our busy schedule to refresh and energize ourselves. Even though Durga Puja, Dussehra, Eid and Lakshmi Puja are over, the festive time lingers with the upcoming Kali Puja, Diwali and Bhaiphonta/Bhaiduj.

Hence this is not the time for an enterprise to invest, but rather to look back on previous investments. This is the time to compile, consolidate, optimize and plan to achieve the best ROI from the infrastructure already built.

In our lives, we get very few chances like this, where we have the freedom to look beyond the influence of the OEM/Manufacturer and System Integrator and take independent decisions. This is the time to carry out a gap analysis of People, Process, and Tools inside the organization and to plan for the future.

Each product/solution has its own merits, provided its features and functionalities are configured, customized and synchronized as per organizational needs. Otherwise it is like a black box or any other competitive box, and we tend to get trapped in it. Every product becomes great whenever it is fine-tuned as per enterprise requirements.

With the blessings of the evil-slayer goddess Durga, it is time to figure out the evils/black holes/gaps in your enterprise and focus on bridging the gap.

In this journey, if you need a right partner to set the guideline for you without any commercial obligation, you may consider us.

Let our journey continue together for greater heights in life.



Subha Bijoya


Lady Coordinator Opening at Prime


Company: Prime Infoserv LLP

Role: Lady Coordinator for Back Office Operations

Location: Kolkata, West Bengal, India


  • Co-ordination with customers for orders, proposals, payment collection, etc.
  • Co-ordination with vendors/contractors/OEMs for pricing and material delivery
  • Creation of proposals
  • Raising invoices
  • Co-ordination with Accounts/Finance for VAT, CST, TDS calculation and return submission
  • Mail communications with different stakeholders
  • Tracking proposals, orders and invoices in the CRM
  • Communicating with existing customers for relationship management (taking feedback, identification of cross-selling/upselling opportunities)


  • Education – No bar; good English communication skills (reading, writing, speaking) mandatory
  • Experience – No bar; freshers with a good attitude (desire for learning, ownership and accountability) are also welcome
  • Desirable (not mandatory) – Working knowledge of Tally; an Accounts background will add value

Contact :,


Systems Integration Services

OpenSource Based Systems Integration

  • Redhat, SuSE Linux
  • SSO, LDAP, DHCP, DNS, Web Services, Database, E-mails, etc.

Network Management System implementation

Voice-Data Solutions

Video Conferencing Solution (Software based)


Linux Based Solutions & Services

Linux Internet Servers:-

  •     Web – Apache HTTP Server, Apache Tomcat
  •     Databases – MySQL, PostgreSQL, Oracle
  •     Programming and scripting – PHP, Java, Perl, JavaScript, CSS, XHTML, Bash
  •     FTP – ProFTPD, Pure-FTPd, vsftpd
  •     SMTP (outgoing email) – exim, postfix, qmail, sendmail
  •     POP3 and IMAP (incoming email) – qpopper, UW IMAP, Courier-IMAP
  •     DNS (Domain Name System) – BIND, djbdns
  •     Web control panels – cPanel and WebHost Manager, Plesk, DirectAdmin, Webmin

Linux Virtualization:-

  •     VMware ESX, ESXi, VMware Server
  •     Xen – Amazon EC2 Cloud, Citrix XenServer
  •     User Mode Linux (UML)
  •     Manage Large Networks (MLN)

Linux Remote Access:-

  •     SSH (Secure SHell) – OpenSSH
  •     VNC (Virtual Network Computing)
  •     X Window System (X.Org, X11)
  •     OpenVPN

Linux Security:-

  •     Network monitoring – SNMP, Nagios, Big Brother/Hobbit, MRTG, Cacti
  •     SSL/TLS encryption – OpenSSL, stunnel
  •     Intrusion Detection Systems (IDSs) – Snort
  •     Tripwire (file integrity checker)

Linux Internal Network Servers:-

  •     File server – Samba (SMB, CIFS), NFS, iSCSI
  •     LDAP (directory services) – OpenLDAP
  •     DHCP – ISC DHCP
  •     Routing – Quagga, OSPF, RIP, VRRP, CARP

Linux Distributions:-

  •     Red Hat Enterprise Linux (RHEL)
  •     CentOS
  •     SUSE Linux Enterprise Server (SLES)
  •     Debian GNU/Linux
  •     Ubuntu Server and Desktop Editions
  •     openSUSE
  •     Fedora


Job Opening @ Prime

We have the following openings; let us know if you have candidates to be based in Kolkata.

Sales: (qty 4)

• Good English communication
• Good personality
• Ambitious and geared up for going around the market to reach enterprise customers
• Hard working and passionate about sales
• Freshers are welcome
• MBA will be an added advantage

Telecaller (qty 1)

• Good English communication
• Lady candidate preferable
• 6 months to 1 year of outbound calling experience desirable

Developer (qty 1)

• Fresher with knowledge of Java, PHP, HTML
• SEO knowledge
