Maintain ISO 27001 compliance & prepare for your re-certification audit with a comprehensive internal audit from a seasoned Bulletproof consultant.
All audits are delivered by certified ISO lead auditors with years of experience.
Get a detailed report with actionable advice to improve your compliance.
We work around your schedule to minimise disruption to your business.
3-year ISO audit plans available with convenient monthly payment options.
Our consultants are highly experienced ISO 27001 certified auditors and qualified to conduct internal audits in line with what your external certification body auditor will be looking for.
Our auditor will assess your ISMS and Annex A controls through a series of interviews and documentation reviews where they will ask for evidence to demonstrate your compliance.
During the audit, the auditor will identify non-conformities, opportunities for improvement and provide advice for any follow-up activities that may be required.
In addition to the audits conducted by your external certification body, ISO 27001 requires you to conduct internal audits at least once per year.
Often, conflicts of interest and a lack of the necessary skills and knowledge can make it difficult for most companies to audit themselves.
That’s where we can help by providing you with:
Our highly experienced ISO 27001 certified auditors help businesses of all sizes audit, implement, and maintain their compliance standards, providing guidance on all aspects of ISO 27001.
We understand that every organisation has different priorities and requirements, which can make an audit process daunting. That’s why our consultants work with you to ensure that your ISO audit is not only comprehensive with clear report findings, but also causes minimal disruption to your business.
ISO 27001 compliance has helped us improve our security investment and build credibility with our global client base, as well as enabled us to successfully win UK Government procurement contracts. Bulletproof made the whole process easy and effortless from start to finish, strengthening our information security and improving our position in the industry.
We work extensively with Bulletproof both with Cyber Essentials and ISO 27001. I always find the team both helpful and knowledgeable.
Internal audits are an essential part of checking how your organisation is complying with the ISO 27001 standard. Businesses that have already achieved ISO 27001 are required to conduct internal audits at regular intervals to stay compliant and continue to improve business security. Our internal audits will help you meet the requirements of clause 9.2. A team of lead auditors will facilitate and complete the process, helping with scheduling, planning, conducting the audit, reporting, and following up on improvements.
Our ISO 27001 audit report covers:
This will depend on several factors including:
If you are interested in conducting your internal audits with us, we will discuss your requirements in detail to understand your environment so that we can provide you with an accurate, fixed price quote.
Once the scope of work is defined and agreed upon, we deliver regardless of the time needed to complete the audit.
Annex A is a set of security controls which your business can use to address identified information security risks. These might sound familiar if you are ISO 27001 certified, as Annex A forms the basis of your information security framework. The internal audit will identify the applicable Annex A controls and ensure these have been implemented effectively.
Your certification body conducts audits for you to achieve ISO 27001 certification and then once every 3 years to renew the standard. These are external audits delivered by the external certification body. It is also a requirement for your business to conduct internal audits at least once every 12 months to maintain the requirements of ISO 27001.
Companies often outsource their internal audits due to a lack of in-house resources, and to avoid the conflicts of interest that arise when a company audits itself. Both internal and external audits are conducted in a similar fashion and look for evidence of compliance with the clauses and applicable Annex A controls.
Anyone who works in your organisation could potentially be asked to participate in the audit. For instance, if the auditor wants to establish the awareness level of the ISMS amongst the employees, they may select an employee at random and ask what they know.
Key people needed for audits will be IT, HR, senior management, the Information Security Manager (if there is one) and risk owners. There may be others, but the auditor will discuss this with you during the initial audit meetings and advise on who they need to speak with.