Within the ISMS Cluster, we've created a project called "Audit Programme", which provides a standard template for planning your audits, conducting them, and recording your audit findings. The Audit Programme as a whole is split into three sections:
- Your Pre-Certification Audits
- Your Internal Audit Programme (covering your three years of Certification)
- Your External Audits
You can create a separate team for the Audit Programme if you wish to, by allocating appropriate users as team members to the programme. This can be done by clicking the "Team" button in the top right of the programme.
How to Access the Audit Programme and its contents
To access the Audit Programme, simply:
- Hover over "Work" in the navigation bar at the top of the platform.
- Then hover over your ISMS Cluster.
- Select "Audit Programme" from the options it presents, and you'll be in the Audit Programme.
- You will then see three sections- the section for your Pre-Certification Audits, that for your Internal Audit Programme, and your External Audit section. Click on whichever you wish to access.
To access the contents of each section, simply hover over the name of the section you want to access, then click on the name followed by the activity you want to access.
Your Pre-Certification Audit section consists of:
- Your ISMS Documentation Review
- Your ISMS Process/Focus Area Audit
- An activity to document your agreed audit plan for the next three years in for once you're certified.
The Internal Audit Programme section is where you will document the internal audits you plan to conduct during your certification lifecycle.
Lastly, the External Audits section is where you will document your external audits- namely, those that will be conducted by an auditor from an external certification body. These activities consist of:
- Your Certification Stage 1 Audit
- Your Certification Stage 2 Audit
- Two Surveillance Audits
- Your Recertification Audit
How to make Amendments
If you wish to make changes or additions to the text within an audit activity, you can do this by clicking on the text box in the middle of the activity, making the changes, and then clicking on the green button at the bottom of the text box, saying "Update note".
If you wish to add more activities to any section of your programme (such as an additional internal audit), you can do this by hovering over the phase (or section) you wish to add it to and clicking "Add Activity". This will prompt you to create a name for this activity. Once this is done, you will see a drop-down menu above the button "Create Activity". This allows you to select where you want it to be stored.
Where should I store my Certificate once Certified?
In terms of where to store your Certification, this is entirely up to you. One potential action would be to store it in Certification Stage Audit 2 activity, another would be in the documents section of your ISMS Cluster.
What do I do with my External Audit Results?
As the auditor will usually forward the audit results to you either by email or by post, you can simply add the results themselves into the audit activity template.
How do I link my Audit Programme to my Corrective Actions Track?
In case any nonconformities or opportunities for improvements (OFIs) are discovered during your audits, you can include a link to the Corrective Actions and Improvements Track in the 'Linked Work' section of your Audit Programme. This can be found at the bottom of the column on the left hand side of the relevant activity in your audit programme.