Your security and compliance glossary

All the terms you need to know when you’re trying to get compliance audit ready, fast.

Show filters

What is the ISO 27001 Stage 1 Audit?

The ISO 27001 Stage 1 Audit is the first part of the two-stage external ISO certification process. The Stage 1 Audit consists of an extensive documentation review in which an external ISO 27001 auditor reviews an organization’s policies and procedures to ensure they meet the requirements of the ISO standard and the organization’s Information Security Management System (ISMS). After completing the Stage 1 audit, the auditor will provide feedback outlining whether the organization is ready to move to the Stage 2 audit

If the auditor determines the ISMS fails to meet the requirements of the ISO 27001 standard, the auditor will typically outline areas of concern—referred to as nonconformities—and will require corrective action or corrective action plans before proceeding to the Stage 2 audit.

An ISO 27001 certification is valid for three years; however, ISO requires surveillance audits be performed each year to ensure the ISMS and its implemented controls continue to operate effectively. Every 12 months during the three-year cycle, an organization’s ISMS must undergo an external audit, where an auditor will assess portions of the ISMS.

{{cta_withimage2="/cta-modules"}}

Additional resources you might like:

Product updates
Vanta events | Vanta
Trust is a Team Sport

Join us on March 19th at 10 am PT for our upcoming virtual launch event! Jeremy Epling (CPO at Vanta) will introduce new product capabilities designed with teamwork in mind. Join us to see how Vanta can help you collaborate easily with your extended team of employees, vendors, auditors, and customers—and win together.

ISO 42001
Vanta events | Vanta
Compliance for AI in Europe: Preparing for Emerging AI Laws and Regulation

Join our webinar to explore how ISO 42001 and the EU AI Act help your company stay compliant, secure, and ahead of evolving AI regulations with expert insights and practical strategies.

ISO 27001
Vanta events | Vanta
Live Demo: Simplify ISO 27001 and SOC 2 compliance with Vanta

Join our live demo to see how Vanta automates up to 90% of your ISO 27001 and SOC 2 compliance work, saving you time and reducing manual effort.

Additional resources you might like:

Product updates
Vanta events | Vanta
Trust is a Team Sport

Join us on March 19th at 10 am PT for our upcoming virtual launch event! Jeremy Epling (CPO at Vanta) will introduce new product capabilities designed with teamwork in mind. Join us to see how Vanta can help you collaborate easily with your extended team of employees, vendors, auditors, and customers—and win together.

ISO 42001
Vanta events | Vanta
Compliance for AI in Europe: Preparing for Emerging AI Laws and Regulation

Join our webinar to explore how ISO 42001 and the EU AI Act help your company stay compliant, secure, and ahead of evolving AI regulations with expert insights and practical strategies.

ISO 27001
Vanta events | Vanta
Live Demo: Simplify ISO 27001 and SOC 2 compliance with Vanta

Join our live demo to see how Vanta automates up to 90% of your ISO 27001 and SOC 2 compliance work, saving you time and reducing manual effort.

Compliance
Vanta events | Vanta
Live Demo: Automate compliance to fuel your startup's growth

Join our 45-min live demo to discover how automating compliance can streamline processes, save time, and fuel your startup’s growth.

Compliance
Vanta events | Vanta
Live Demo: Automating security and compliance workflows

Join our product demo to discover how automation, continuous monitoring, and centralized workflows can streamline your GRC program, enhance control visibility, and improve vendor and buyer security management—all within a single platform.

GRC
Vanta events | Vanta
Unlocking the ROI of GRC: The Business Value of Vanta

Discover how Vanta empowers organizations to achieve exceptional results in their Governance, Risk, and Compliance (GRC) programs.

Compliance
Vanta events | Vanta
Building Trust Beyond Compliance: A Continuous Approach to Security

Watch our special Ask Me Almost Anything (AMAA) session featuring Vanta CISO Jadee Hanson, along with Mandy Matthew, Senior Security Risk Program Manager at Duolingo, and Divya Singh, Senior Director of Compliance and Privacy at Chegg.

Security
Blog
A data-driven look at the top security tools for startups

There’s no shortage of options when it comes to security tools for startups. Here's a data-driven look at the top tools used most frequently by startups.

ISO 27001
Vanta events | Vanta
Live Demo: How to streamline ISO 27001 and SOC 2 compliance with automation

Watch Vanta’s 45-minute demo to see how our platform automates up to 90% of the work for achieving ISO 27001 and SOC 2 compliance, helping you streamline security and move towards continuous compliance.