External Audit – An external audit is conducted by a qualified, independent third party to determine if the organization’s information security framework is compliant with a specific standard. Depending on the standard chosen and the auditing body, an external audit can lead to certification to a third-party information security standard.