ipfour
ISO 27001 Phase 5

ISO 27001 Internal Audit. Find issues before your auditor does.

ISO 27001 requires an internal audit before certification and annually thereafter. We conduct independent internal audits that find non-conformities before your certification body does, giving you time to resolve them and enter your audit with confidence.

UK-Wide Service
Independent Auditors
Corrective Action Support
0: Certification audit failures after our pre-cert audit
3: Average non-conformities found and resolved
2 weeks: Typical audit completion time
UK-wide: Service delivery across England, Scotland and Wales

What We Deliver

Six audit capabilities. One clean certification audit.

Pre-Certification Audit

A full internal audit conducted before your Stage 1 and Stage 2 certification audits, identifying and resolving non-conformities so your certification body does not find them first.

Clause-by-Clause Review

A structured review of your ISMS against every clause of ISO 27001:2022, producing a conformity rating and evidence assessment for each requirement.

Non-Conformity Management

Identification, classification, and root cause analysis of all non-conformities found during audit, with corrective action plans and closure verification.

Audit Report

A formal audit report meeting ISO 27001 clause 9.2 requirements, documenting audit scope, criteria, findings, and conclusions in a format your certification body will accept.

Annual Surveillance Audits

Ongoing annual internal audits to maintain your ISO 27001 certification, covering a rolling programme of ISMS clauses and Annex A controls.

Audit Programme Management

Design and management of your multi-year internal audit programme, ensuring all clauses and controls are audited within the required frequency.

Our Process

From audit planning to corrective action closure. Six structured steps.

01. Audit Planning

We agree the audit scope, criteria, and schedule with your ISMS owner, and produce an audit plan that covers all mandatory clauses and selected Annex A controls.

02. Document Review

We review all ISMS documentation, policies, procedures, and records before the on-site audit to identify any documentation gaps or inconsistencies.

03. On-Site Audit

We hold structured interviews with process owners, control owners, and staff, and sample evidence to verify that controls are operating as documented.

04. Finding Classification

All findings are classified as major non-conformity, minor non-conformity, observation, or opportunity for improvement, with evidence documented for each.

05. Corrective Action Planning

For each non-conformity, we work with your team to identify root cause and agree a corrective action plan with realistic timescales.

06. Audit Report and Closure

We produce the formal audit report and verify closure of all corrective actions before your certification audit, ensuring you enter the audit with zero open non-conformities.

UK Use Cases

Organisations that entered their audit with confidence. Because we audited first.

Professional Services

Consulting firm pre-certification audit

A UK management consulting firm needed an internal audit 8 weeks before their Stage 2 certification audit. Our audit identified 3 minor non-conformities and 7 observations. All were resolved before the certification audit, which resulted in zero non-conformities raised by the certification body.

Technology

SaaS platform annual surveillance audit

A UK SaaS business needed annual internal audits to maintain their ISO 27001 certification. We conduct their annual audit programme, covering all ISMS clauses and a rolling selection of Annex A controls, producing the audit report their management review requires.

Public Sector

Local authority ISMS audit programme

A UK local authority needed an independent internal audit of their ISMS following a significant change to their IT infrastructure. Our audit identified 2 major non-conformities related to the infrastructure change, both of which were resolved before their surveillance audit.

Book Your Internal Audit

Enter your certification audit with zero open non-conformities. We make sure of it.

Our pre-certification internal audits have a 100 percent success rate. No client has failed their certification audit after we have conducted their internal audit. Book your audit now.