Standards can help to accumulate knowledge and experiences, while standardization aims to make use of systematic and coherent methods for reinforcing and passing down the knowledge of standard implementation. As management systems increases gradually, there are more and more problems concerning Certification Bodies (CB) and their Audit ability. In order to regulate these problems, International Standardization for Organization (ISO) has set about compulsory demands for improving the knowledge and ability of CB auditors by applying ISO/IEC 17021:2011(E) of CB management system standard in two phases since 1999. This twelve-year task has been accomplished and become the components of Management System Standards (MSS). As a result, according to the requests of the enactment of personal data systems and the record management systems in MSS, this paper plans to investigate the existing audit problems in Information Security Management System (ISMS) and put forward some possible solutions.