9.2 Internal audit

Clause 9.2 requires the organization to plan and carry out internal audits of its security management system at defined intervals, using competent, independent auditors to assess compliance with ISO 28000 requirements, evaluate the system's effectiveness, report findings, and ensure corrective actions are taken.