ISO 27001 Clause 9.2 requires organisations to conduct internal audits at planned intervals. Venvera tracks the full audit lifecycle.
Planning an audit
Go to ISO 27001 → Internal Audits and click New Audit.
| Field | Required | Description |
|---|---|---|
| Audit Title | Required | e.g., "Q1 2026 ISMS Internal Audit" |
| Scope | Required | Which clauses, processes, or departments are being audited |
| Lead Auditor | Optional | Name of the person conducting the audit |
| Planned Date | Required | Scheduled audit date |
| Status | Required | Planned → In Progress → Completed |
Recording findings
During or after the audit, add findings to the audit record. Each finding can be classified as:
- Major Nonconformity — A significant failure to meet a requirement
- Minor Nonconformity — A partial failure or isolated deviation
- Observation — An area for improvement that is not a nonconformity
- Opportunity for Improvement — A suggestion, not a failure
Major nonconformities from internal audits should be tracked in the Nonconformity Register with corrective action plans.