Creation of an audit framework for ISO 27001/2