Assurco’s impartial ISO 27001 Auditors can assess your Organisational, People, Physical and Technological controls against your own requirements and the requirements of the internationally recognised standard for an Information Security Management System (ISMS).
ISO 27001 Audit Programme
The Lead ISO 27001 Auditor assigned to your organisation will work with you to define the scope of your audit requirement, and subsequently create an audit programme that meets your intended audit objectives.
There are many reasons to perform an ISO 27001 Audit including:
- Testing the resilience and effectiveness of controls,
- Meeting the Internal Audit Requirements of clause 9.2,
- Preparing for a Certification Audit,
- Providing reassurance to stakeholders.
In addition to our standard audit practices, we will also adhere to the specific guidance in:
- ISO 27006, Requirements for bodies providing audit and certification of information security management systems.
- ISO 27007, Guidelines for information security management systems auditing.
ISO 27001 Audit Field Work & Audit Report
During the audit fieldwork we will test your management system & associated controls using risk-based sampling techniques. Any findings will be raised based on the objective evidence sampled, and we’ll be transparent about this during the audit.
Everything is documented within the audit report, including positive observations, which can be presented to leadership and other stakeholders as a measure of the effectiveness of your ISMS. The audit report should always be shared in full.
ISO 27001 Audit Findings & Remediations
Assurco does not provide consultancy advice; however, our auditors are trained to provide enough information within audit reports for you to understand the nonconformances and find a suitable corrective action.
We will also prioritise weaker areas of your ISO 27001 management system in future audits, taking a risk-based approach.