An audit is a systematic review to determine whether an organization complies with defined requirements and processes. In the field of information security, the audit assesses whether the ISMS is effectively implemented.
A distinction is made between internal audits and external certification audits.
Audits are an integral part of ISO 27001 and serve the purpose of continuous improvement.