ICT within your organisation

Certification from DigiTrust proves that personal data is safe with you.

More than 500 organisations have already gone before you.

ISO 27001 audit with the right ICT context

What is an ISO 27001 audit and why is it important for your organisation? Without an audit, it is not possible to obtain certification. It is the way to demonstrate that you are using a good information security management system. We understand what information security means for ICT and telecom companies. Scrum teams and information security, DevOps, DTAP and the OWASP Top 10: we speak your language during the audit.

ISO certification shows that you take the right management measures in the field of information security. You operate according to the standard, ensuring the reliability, integrity and availability of important and privacy-sensitive data.

ISO 27001 audit checklist

Want to know where the organisation stands in preparation for an ISO 27001 audit? You can do so using the DigiTrust checklist.

DigiTrust's checklist is simple in design, but provides sufficient insight into key areas of concern.

ISO 27001 auditor

The ISO 27001 auditor assesses the operation of the information security management system. This is also referred to as the ISMS. One component is formed by the control measures as listed in the standard's Annex A.

Context matters

DigiTrust's auditor looks closely at the context of the organisation. After all, an ICT or telecoms company is different from an organisation working in the healthcare or public sector. We understand the day-to-day challenges. The auditor is the link between the standard requirements and the context of your organisation.

During the audit, the auditor walks through the standard requirements with you. How have you translated them within the organisation? This assessment gives the auditor a good idea of whether the management system meets the standard requirements. A positive result will lead to ISO 27001 certification.

Complying with the standard is important today. By doing so, you demonstrate to all your customers and other stakeholders that you have a functioning information security management system.

Obtaining the certificate is a fine milestone. We often visit to present the certificate in person and take a group photo of the presentation. Check our news page for the various awards.

If you want more certainty about whether your organisation and its information security management system are ready for certification, we can perform a pre-audit. This is also known as a baseline measurement. During this audit, we take a close look at the management system and include various control measures as required. The DigiTrust auditor will deliver a complete audit report. This gives you a good idea of the possible gaps (deviations) that may still exist compared to the standard.

Initial certification

DigiTrust assesses whether the system works and functions according to the requirements. This assessment includes reviewing all operations at your office as well as at the implementation site. The initial certification consists of two parts: the phase 1 audit and the phase 2 audit.

Phase 1

During the phase 1 audit, we take an outline look at your management system (ISMS) and assess whether you are really ready for the phase 2 audit. We also draw up the audit plan for phase 2 together with you: who do we need, and when?

Phase 2

During the phase 2 audit, we test the ISMS and all management measures.

Issue certificate

In case of a positive assessment, the auditor will nominate the organisation for certification. The certification manager does a quality check on the file. If everything is in order, you will receive the certification.

Control 1

During the term of the certificate, which is usually three years, DigiTrust will conduct an annual surveillance audit. During a surveillance audit, we sample the various elements of the standard. In case of a positive assessment, the current certificate will be continued.

Control 2

DigiTrust will visit about three months before the certificate expires for the reassessment. This assessment is of the same scope as the one at step 2 and should ensure that if the result is positive, the certificate is renewed for another three years.

Questions about an ISO 27001 audit or curious about certification options?

Our specialists will be happy to tell you more about it. Call us on 088-224 56 00, email us at sales@digitrust.nl or use our online contact form. We will be happy to visit you for a no-obligation introduction.

More than 300 organisations have already gone before you.
