Cyberday.ai
Get started
Login
Topics
ISO 27001
NIS2
Getting started
Framework management
Product security
Settings & advanced
Trial and subscription
User management
Community
Documentation
Personnel guidelines
Reporting
Task management
GDPR
Internal auditing
Personnel security
Risk management
Working as a partner
Continuous improvement
Team collaboration
Show all topics
Webinars
NIS2: Intro to NIS2 Directive and Cyberday
ISO 27001: Build a cyber security plan, that gets you compliant
May's monthly review for Cyberday admins (5/2024)
Show all webinars
Videos
Asset documentation
Continuously improving your ISMS
Cyberday overall intro
ISO 27001 and certification audit fundamentals
ISO 27001 and personnel awareness
ISO 27001 and risk management
ISO 27001 introduction
NIS2 introduction
Show all videos
Helps
Documentation
For admins
For partners
Frameworks
Guideline mgmt
Other features
Reporting
Setup and integrations
Task mgmt
User management
Show all helps
Blogs
Access Control & MFA (NIS2 21.2): Build A Solid Foundation with ISO 27001 Best Practices
Understanding HR Security Basics for ISO 27001 & NIS2 Compliance
Build your NIS2 measures for Business Continuity and Backups with ISO 27001
Best Practices from ISO 27001 for Secure System Acquisition and Development: Create your NIS2 measures
Potential Struggles IT Companies might Encounter with Incident Identification and Reporting Today
Show all blogs
Content library
Kiitos! Saat jatkossa uutiskirjeen sähköpostiisi joka perjantai.
Valitettavasti jotain meni pieleen. Voit olla yhteydessä tiimi@tietosuojamalli.fi.
Kiitos! Saat jatkossa uutiskirjeen sähköpostiisi joka perjantai.
Valitettavasti jotain meni pieleen. Voit olla yhteydessä tiimi@tietosuojamalli.fi.
Academy home
Helps
How to use the (internal) audit feature

How to use the (internal) audit feature

An audit process in general is a review process with the purpose to ensure that the ISMS of the organization is compliant with the requirements of a specific framework, such as the ISO 27001 framework. However, before an organization is moving towards a certification audit, an internal audit usually takes place. The internal audit helps the organization to oversee the current position of the implementation of the controls of a specific framework and to find potential non-conformities, which should be addressed before the certification audit. Potential improvements that are found in either an internal or the certification audit will help the organization to continuously improve their own ISMS.

When should you do an (internal) audit in Cyberday?

An (internal) audit is an efficient tool to check the current compliance level of the organization. Using this tool in Cyberday is a great step, after at least some of the controls (which will be audited) are fully implemented. Results will be documented directly in Cyberday and can be used as a base for further improvements.

How can you create an internal audit schedule in Cyberday?

Where to find this view: Dashboard -> Theme: risk management and leadership -> Documentation -> Audits

If you want to create an audit schedule, go to the  Organization Dashboard in Cyberday and open the theme "Risk management and leadership" from the theme list. Once the theme is opened, you can find the box with "Documentation" on the right side. Open the link "Audits" to see the audit schedule.

The audit list includes all of the done and scheduled audits. If you want to schedule a new audit, add a new audit from the button in the upper right corner. A new audit will be added to the list. Open the new audit, set an owner, a name and the status "scheduled" from the drop down (if you simply want to schedule it). Select the date and time when the audit is planned to be done from the audit card.

This is an example of an audit list. You can add new ones with the button "Add audit".

How do you define an audit scope in Cyberday?

Once you have created the audit in your list and opened the audit card, you can define the scope by answering the first question. The selections of the first question are necessary for creating the "audit progress report", which is the third question of the card. You can review the content in the own ISMS from the point of view of a specific framework or by a related management system section, such as "incident management" or "management of data sets". If you select a specific framework, you can also select specific sections, so you do not need to audit the full framework all at once, but rather split in smaller sections with more doable time slots. Many frameworks have e.g. the requirement, that the full framework needs to be covered with internal audits every 3 years.

How do you carry out an internal audit?

In order to carry out the audit, go to the audit card from the audit list and select "Create audit progress report" under the question three. Attention: You need to fill in the scope and etc. in question one before you can move to this step.

The audit progress report will open and you can do the following steps:

  • Check the tasks that are listed in the audit progress report
  • Document all observed non-conformities or observations for each requirement and then "Mark as reviewed"
On the left, you can see the tasks that are checked during the audit, on the right you can add non-conformities and mark the section as reviewed once everything is fully checked.

The auditor can check from the list if all the information are still up to date (i.e. responsible persons, are all the actions actually done, are the tasks reviewed, are the descriptions up to date and so on). During the audit, write down everything that is not matching or wrong as a non-conformity, so it can be improved after the audit.

For the non-conformities, write down all the needed details in the new tab, that is opening when clicking "add new non-conformity" and if possible potential improvement ideas. The non-conformities need to be fixed in order to be able to finish the audit.

After "selecting "add new non-conformity", a new window will open. Select the basic type of the non-conformity. A new window will open, where you can fill in more details.
This window will open as a second one to fill in more details about the non-conformity. Click "done" after filling all of the needed details.

In the audit card from the audit list, you can find an overview of all of the found non-conformities under section two. You can also add non-conformities directly from there or further add positive and other findings from the audit. Later on, you should plan and connect the improvements (section four) in order to be able to finish the audit. You can close the audit once all of the improvements are presented to the auditor and corrective actions have been "accepted" by the auditor.

How do you create the final audit report?

Once you have finished all of the above listed steps have marked the sections of the audit card as completed and have clicked "Finnish progress report", you can finish the audit and create a single document out of the audit card. Simply go to the audit card and open the drop down menu by clicking the three dots on the right side next to the headline. Select "View report" to open the report.

The internal audit report document may look like the following:

The audit progress report can later on be found in the reporting section in Cyberday as well. It is useful for showing the progress, but rather for the auditors, less for the auditees.

Questions and feedback

Do you have any further questions, would need another help article or would like to give some feedback? Please contact our team via team@cyberday.ai or the chat box in the right lower corner.

Content

Share article

Other similar content from Academy

Help articles

How to use the (internal) audit feature
How to use the metrics feature
Incident management: Extension for employee security incident reporting through Guidebook
Linking existing SharePoint files to your Cyberday content
Multilingual work in Cyberday
Personalize the menu by pinning items
Posting, replies and notifications in Community
Setting a custom logo for your organization
Using "security statement" reports
Using compliance reports
What kind of logging is available about changes in your Cyberday account?
What kind of notifications are available?

Subscribe to Academy today

Elevate Your Knowledge with Exclusive Access to Weekly Webinars, Video Courses, Help Articles, and Blogs.

Kiitos! Saat jatkossa uutiskirjeen sähköpostiisi joka perjantai.
Valitettavasti jotain meni pieleen. Voit olla yhteydessä tiimi@tietosuojamalli.fi.
Topics
Continuous improvement
Product security
Personnel guidelines
Team collaboration
GDPR
Show all
Webinars
NIS2: Intro to NIS2 Directive and Cyberday
ISO 27001: Build a cyber security plan, that gets you compliant
May's monthly review for Cyberday admins (5/2024)
Show all
Videos
ISO 27001 introduction
NIS2 introduction
ISO 27001 and certification audit fundamentals
Asset documentation
ISO 27001 and personnel awareness
Show all
Helps
Documentation
For partners
Other features
Reporting
Guideline mgmt
Show all
Blogs
Access Control & MFA (NIS2 21.2): Build A Solid Foundation with ISO 27001 Best Practices
Understanding HR Security Basics for ISO 27001 & NIS2 Compliance
Build your NIS2 measures for Business Continuity and Backups with ISO 27001
Best Practices from ISO 27001 for Secure System Acquisition and Development: Create your NIS2 measures
Potential Struggles IT Companies might Encounter with Incident Identification and Reporting Today
Show all
Content library
Open content libraryLabs
Kiitos! Saat jatkossa uutiskirjeen sähköpostiisi joka perjantai.
Valitettavasti jotain meni pieleen. Voit olla yhteydessä tiimi@tietosuojamalli.fi.