Who should use the ISO 27001 Internal Audit template?

This template is designed for Lead Auditors, ISMS Managers, and CISOs. ISO 27001 internal audit template, Annex A control sampling, ISMS clause review (Clauses 4–10), CAPA execution, and CISO sign-off. Nine-step audit aligned with ISO 27001 requirements.

How many steps does the ISO 27001 Internal Audit template have?

The template has 9 steps, including 4 approval checkpoints with a built-in SLA.

Does the ISO 27001 Internal Audit template include approval gates?

Yes, this template includes 4 approval gates and a built-in SLA. Approvals can be configured with one or multiple approvers in Cadenio.

Is this template free to use with Cadenio?

Yes. All templates in the Cadenio library are available during the free trial period. After the trial, they are available on all paid plans.

Does the ISO 27001 Internal Audit template generate an audit trail?

Yes. Every blueprint run in Cadenio automatically generates an auditable record showing who executed each step, when, which approvals were given, and what evidence was attached, ready for internal or external audit.

Template · Compliance

ISO 27001 internal audit, without the spreadsheet reconstruction.

Most ISO audits collapse when the external assessor arrives. Annex A sampling lives in Excel, CAPA tracking is disconnected from findings, and no one can prove clause coverage. This template runs scope, sampling, CAPA, and sign-off in one auditable chain.

Use this template free →Browse library

For lead auditors, isms managers, and cisos. No credit card. First run in under a minute.

Audit #ISO-0127

Q2 2026 Internal Audit · Full ISMS scope · Annex A + Clauses 4-10

0/9 concluídas11% completo

Define ISMS scope & audit cycle100%
Lead AuditorApproval gate
Opening meeting with auditeeBLOQUEADA
Lead AuditorApproval gate
Sample Annex A control familiesBLOQUEADA
Lead AuditorSLA 48h
Review ISMS Clauses 4-10BLOQUEADA
ISMS ManagerIn parallel
Document findings with root causeBLOQUEADA
Lead AuditorApproval gateDep. pendente
Process owners execute CAPABLOQUEADA
Process OwnersEvidence attachedDep. pendente
Management review of ISMS performanceBLOQUEADA
ISMS ManagerApproval gateDep. pendente
Top management / CISO sign-offBLOQUEADA
CISOExecutive approvalDep. pendente
Confirm external audit readinessBLOQUEADA
Lead AuditorClosure gateDep. pendente

Opinion

What we cut. And what we kept.

This template is edited for real audits. The exhaustive version is what got you flagged last time.

Cut

Annex A sampling in disconnected spreadsheets.
CAPA tracking in a separate tool from findings.
Clause coverage claims with no evidence chain.
Audit report drafted after the external auditor asks for it.

Kept

Parallel Annex A and Clauses 4-10 review (not serial).
CAPA execution linked to the finding that triggered it.
Four checkpoint gates that create the audit trail.
Management review before external audit readiness.

What this template includes

Process steps

1Define ISMS scope, audit cycle, and ISO 27001 coverage, Lead Auditor gate
2Opening meeting: confirm scope, schedule, and communication channels with the auditee, gate
3Sample selected Annex A control families based on risk and prior findings
4Review ISMS management-system clauses (Clauses 4–10) in parallel with Annex A
5Document findings with evidence and identified root causes, Lead Auditor gate
6Process owners execute corrective and preventive actions (CAPA) on identified gaps
7Management review of findings, CAPAs, and ISMS performance, ISMS Manager approval
8Top management / CISO sign-off on systemic issues and resource decisions
9Confirm external audit readiness and publish the internal audit report, closure gate

Why teams use this template

ISO 27001 internal audits drift when there is no shared structure between the audit team and process owners. Annex A sampling happens in spreadsheets, ISMS clause coverage is hard to prove, and CAPAs are tracked in a separate tool from the findings that triggered them. By the time the external auditor arrives, you spend more time reconstructing the audit trail than discussing actual gaps.

This template runs the full ISMS internal audit cycle in one place: scoped audit plan, opening meeting, parallel Annex A and Clauses 4–10 review, finding documentation with root cause, CAPA execution by process owners, management review, and CISO sign-off. Four checkpoint gates and an approval workflow make the chain of evidence the audit trail external assessors expect.

Built for Lead Auditors who run multiple cycles per year: scope reuses across audits, Annex A control families carry over, and CAPA history connects the current audit to the last one, so you can tell the external auditor exactly what changed, when, and who approved it.

Ready to run this process?

Open this template in Cadenio, customize the fields and approvals for your context, and run it for the first time in under 60 seconds.

Open in Cadenio →See all templates

Related use case

SOC 2 use case

Related templates

Compliance

GDPR & CCPA Compliance Audit

GDPR/CCPA compliance audit template, DSAR readiness, consent records, cross-border transfers, breach notification, and DPO sign-off. Ten-step audit with full evidence trail.

Compliance

Third-Party Risk Assessment

Third-party risk assessment template, tier classification, due-diligence pack, four risk dimensions (operational, reputational, financial, compliance), and CRO sign-off for critical vendors.

Compliance

Vendor Compliance Review

Vendor compliance review template with document collection, security controls validation, and risk sign-off, 4 approval gates and a clean audit record ready before the reviewer asks.

Open in Cadenio →Template library Talk to a specialist

ISO 27001 internal audit, without the spreadsheet reconstruction.

For lead auditors, isms managers, and cisos. No credit card. First run in under a minute.

Why teams use this template