• Second-Party Audits: These involve an organization (the customer) auditing another organization with which it has a relationship (such as a supplier). The focus is on ensuring the supplier meets the customer's information security requirements.
• Accreditation Bodies: These assess the competence of certification bodies but don't directly participate in second-party audits.
• CQI and IRCA: These organizations provide auditor certifications, but their training alone doesn't automatically qualify someone for second-party ISO/IEC 27001 audits. The auditor should have specific knowledge of the standard.
References:
• ISO/IEC 17021-1:2015 Conformity assessment — Requirements for bodies providing audit and certification of management systems: Provides requirements for certification bodies but also outlines how first-, second-, and third-party audits work.
• PECB Candidate Handbook, ISO/IEC 27001 Lead Auditor: Explains the distinctions between first-, second-, and third-party audits, clarifying that second-party audits are usually between organizations with a prior relationship.