A third-party audit is an independent assessment of an organisation’s management system by an

external auditor, who is not affiliated with the organisation or its customers. The auditor verifies that

the management system meets the requirements of a specific standard, such as ISO 27001, and

evaluates its effectiveness and performance. The auditor also identifies any strengths, weaknesses,

opportunities, or risks of the management system, and provides recommendations for improvement.

The purpose of a third-party audit is to provide an objective and impartial evaluation of the

organisation’s management system, and to inform a certification decision by a certification body. A

certification body is an organisation that grants a certificate of conformity to the organisation, after

reviewing the audit report and evidence, and confirming that the management system meets the

certification criteri

a. A certification decision is the outcome of the certification process, which can be positive (granting,

maintaining, renewing, or expanding the scope of certification) or negative (suspending,

withdrawing, or reducing the scope of certification). Reference:

PECB Candidate Handbook ISO 27001 Lead Auditor, pages 19-25

ISO 19011:2018 - Guidelines for auditing management systems

The ISO 27001 audit process | ISMS.online

https://kxbjsyuhceggsyvxdkof.supabase.co/storage/v1/object/public/file-images/ISO-IEC-27001-LEAD-AUDITOR/page_91_img_2.jpg