ISO 27001 internal audit

Maintain ISO 27001 compliance & prepare for your re-certification audit with a comprehensive internal audit from a seasoned Bulletproof consultant.

Trusted ISO 27001 Consultancy

CREST approved
PEN TEST approved
Offensive Security OSCP
ISO 27001 Certified
Cyber Essentials Certification
Cyber Essentials Plus Certification

Get a fast ISO 27001 audit quote

ISO 27001 audits delivered by certified auditors

Qualified experts

All audits are delivered by certified ISO lead auditors with years of experience.

Comprehensive report

Get a detailed report with actionable advice to improve your compliance.

Flexible delivery

We work around your schedule to minimise disruption to your business.

Complete review

3-year ISO audit plans available with convenient monthly payment options.

Get a clear view of your ISO compliance Get a clear view of your ISO compliance

Get a clear view of your ISO compliance

Our consultants are highly experienced ISO 27001 certified auditors and qualified to conduct internal audits in line with what your external certification body auditor will be looking for.

Our auditor will assess your ISMS and Annex A controls through a series of interviews and documentation reviews where they will ask for evidence to demonstrate your compliance.

During the audit, the auditor will identify non-conformities, opportunities for improvement and provide advice for any follow-up activities that may be required.

Benefits of getting an ISO 27001 Audit Benefits of getting an ISO 27001 Audit

Benefits of getting an ISO 27001 Audit

In addition to the audits conducted by your external certification body,

ISO 27001 requires you to conduct internal audits at least once per year.

Often, conflicts of interest and a lack of the necessary skills and knowledge can make it difficult for most companies to audit themselves.

That’s where we can help by providing you with:

  • Highly experienced ISO 27001 certified auditors
  • Comprehensive audit plans to ensure your audit runs smoothly and efficiently
  • Detailed ISO audit reports providing comprehensive information on non-conformities and opportunities for improvement
  • Flexible audit plans to work around your audit schedule
  • The opportunity to buy 3-year audit plans, with monthly payment options, making your internal audits more cost effective

GDPR compliance staff at Bulletproof GDPR compliance staff at Bulletproof

Why choose Bulletproof?

Our highly experienced ISO 27001 certified auditors help businesses of all sizes audit, implement, and maintain their compliance standards, providing guidance on all aspects of ISO 27001.

We understand that every organisation has different priorities and requirements, which can make an audit process daunting. That’s why our consultants work with you to ensure that your ISO audit is not only comprehensive with clear report findings, but also causes minimal disruption to your business.

Here’s what our customers say about us

ISO 27001 audit FAQs

What is an ISO 27001 audit?

Internal audits are an essential part of checking how your organisation is complying with the ISO 27001 standard. Businesses that have already achieved ISO 27001 are required to conduct internal audits at regular intervals to stay compliant and continue to improve business security. Our internal audits will help you meet the requirements of clause 9.2 and will facilitate and complete this process with a team of lead auditors who can help with scheduling, planning, conducting the audit, reporting, and following up on improvements.

What is included in our internal audit?

Our ISO 27001 audit report covers:

  • The scope and type of audit
  • Management system aspects/documentation
  • Annex A controls
  • Details of non-conformities
  • Opportunities for improvement
  • Audit notes and findings

How long does an internal audit take?

This will depend on several factors including:

  1. The scope of your ISMS
  2. The size of your organisation
  3. The physical locations of your offices/warehouses etc
  4. The audit schedule – some companies audit all the clauses and Annex A controls in one audit, while others choose to split it up and do parts over the course of the audit cycle.

If you are interested in conducting your internal audits with us, we will discuss your requirements in detail to understand your environment so that we can provide you with an accurate, fixed price quote.

Once the scope of work is defined and agreed upon, we deliver regardless of the time needed to complete the audit.

What is Annex A?

Annex A is a set of security controls which your business can use to address identified information security risks. These might sound familiar if you are ISO 27001 certified, as Annex A forms the basis of your information security framework. The internal audit will identify the applicable Annex A controls and ensure these have been implemented effectively.

What is the difference between an internal and external ISO audit?

Your certification body conducts audits for you to achieve ISO 27001 certification and then once every 3 years to renew the standard. These are external audits delivered by the external certification body. It is also a requirement for your business to conduct internal audits at least once every 12 months to maintain the requirements of ISO 27001.

Companies often outsource their internal audits due to lack of in-house resources, and to avoid conflicts of interest if a company is auditing itself. Both internal and external audits are conducted in a similar fashion and are looking to evidence compliance to the clauses and applicable Annex A controls.

Who needs to be involved in an internal audit?

Anyone who works in your organisation could potentially be asked to participate in the audit. For instance, if the auditor wants to establish the awareness level of the ISMS amongst the employees, they may randomly select to speak to an employee to find out what they know.

Key people needed for audits will be IT, HR, senior management, the Information Security Manager (if there is one) and risk owners. There may be others, but the auditor will discuss this with you during the initial audit meetings and advise on who they need to speak with.

ISO internal audit resources

Trusted cyber security & compliance services from a certified provider