ISO 27001 - Audit Calender Template
ISO 27001 Audit Calendar - The Backbone of Your Internal Audit Programme
Required under ISO/IEC 27001:2022 Clause 9.2 - reviewed during certification and surveillance audits.
The Audit Calendar is a required planning control under ISO/IEC 27001:2022, used to demonstrate that internal audits are formally planned, scheduled, and performed at defined intervals. It must align with the ISMS scope, risk profile, and required audit frequency.
Auditors review the audit calendar during Stage 1 and Stage 2 audits to confirm that internal audits are systematic and not reactive or ad hoc. Missing, outdated, or informal audit schedules commonly result in nonconformities, corrective actions, or audit delays.
This template delivers a structured, defensible, auditor-ready Audit Calendar aligned with ISO/IEC 27001 Clause 9.2, providing clear audit coverage, traceability, and reliable evidence of audit planning.
Why This Document Matters
- Demonstrates that internal audits are formally planned and approved in line with ISO/IEC 27001:2022 Clause 9.2.
- Confirms a systematic, risk-based audit schedule aligned with ISMS scope and priorities.
- Establishes clear audit coverage across ISMS processes, controls, and locations.
- Prevents ad-hoc or reactive auditing by defining timing, frequency, and audit cycles.
- Provides auditable evidence of planned, repeatable, and reviewable internal audits.
What's Included in This Template
- ISO/IEC 27001:2022 Clause 9.2 compliant internal audit planning framework.
- Annual and multi-year audit scheduling layout.
- Mapping of audits to ISMS scope, controls, and business units.
- Risk-driven audit timing and prioritisation logic.
- Defined roles for audit planning, execution, and oversight.
- Built-in structure for review, update, and audit trail retention.
Common Audit Issues This Helps You Avoid
- No formal audit calendar to demonstrate planned internal audits.
- Reliance on informal tracking (emails, spreadsheets, reminders).
- Incomplete audit coverage of ISMS processes and controls.
- Missed or delayed audits without justification.
- Inability to prove systematic audit planning to auditors.
- Nonconformities raised against ISO/IEC 27001 Clause 9.2.
Who Should Use This Template
- Organisations establishing an ISO/IEC 27001 internal audit programme for the first time.
- Companies preparing for certification, surveillance, or recertification audits.
- Businesses needing to formalise or replace informal audit scheduling.
- Consultants and ISMS managers overseeing multiple ISO 27001 audit cycles.
- Teams transitioning to ISO/IEC 27001:2022 Clause 9.2 requirements.
Format & Customisation
- Editable Microsoft Excel format (.xslx)
- Fully customisable text, headings, and branding
- No specialised software required
- Compatible with Excel, Google Docs, and LibreOffice
Compliance Note
Within an ISO/IEC 27001 ISMS, the Audit Calendar functions alongside audit procedures, audit reports, nonconformity records, and management review inputs to demonstrate disciplined, repeatable internal audits during certification and surveillance audits.
How Does It Work?
-
1Download the Excel template instantly after checkout.
-
2Replace company-specific details where applicable.
-
3Customize wording in template if required.
-
4Approve and update in line with ISMS audit reviews.
Upgrade to the complete ISO 27001 documentation toolkit and fix audit planning gaps.
- 80+ ISO 27001 templates.
- Risk assessment & treatment templates.
- Statement of Applicability (SoA)
- Internal audit toolkit
- ISMS implementation plan
- Audit-ready documentation structure
Save over 70% compared to buying templates individually.
Get The ISO 27001 Complete Toolkit
