Maintain ISO 27001 compliance & prepare for your re-certification audit with a comprehensive internal audit from a seasoned Bulletproof consultant.
All audits are delivered by certified ISO lead auditors with years of experience.
Get a detailed report with actionable advice to improve your compliance.
We work around your schedule to minimise disruption to your business.
3-year ISO audit plans available with convenient monthly payment options.
Our consultants are highly experienced ISO 27001 certified auditors and qualified to conduct internal audits in line with what your external certification body auditor will be looking for.
Our auditor will assess your ISMS and Annex A controls through a series of interviews and documentation reviews where they will ask for evidence to demonstrate your compliance.
During the audit, the auditor will identify non-conformities and opportunities for improvement, and provide advice for any follow-up activities that may be required.
In addition to the audits conducted by your external certification body, ISO 27001 requires you to conduct internal audits at least once per year.
Often, conflicts of interest and a lack of the necessary skills and knowledge can make it difficult for most companies to audit themselves.
That’s where we can help by providing you with:
Our highly experienced ISO 27001 certified auditors help businesses of all sizes audit, implement, and maintain their compliance standards, providing guidance on all aspects of ISO 27001.
We understand that every organisation has different priorities and requirements, which can make an audit process daunting. That’s why our consultants work with you to ensure that your ISO audit is not only comprehensive with clear report findings, but also causes minimal disruption to your business.
ISO 27001 compliance has helped us improve our security investment and build credibility with our global client base, as well as enabled us to successfully win UK Government procurement contracts. Bulletproof made the whole process easy and effortless from start to finish, strengthening our information security and improving our position in the industry.
We work extensively with Bulletproof both with Cyber Essentials and ISO 27001. I always find the team both helpful and knowledgeable.
Internal audits are an essential part of checking how your organisation is complying with the ISO 27001 standard. Businesses that have already achieved ISO 27001 are required to conduct internal audits at regular intervals to stay compliant and continue to improve business security. Our internal audits will help you meet the requirements of clause 9.2 and will facilitate and complete this process with a team of lead auditors who can help with scheduling, planning, conducting the audit, reporting, and following up on improvements.
Our ISO 27001 audit report covers:
This will depend on several factors including:
If you are interested in conducting your internal audits with us, we will discuss your requirements in detail to understand your environment so that we can provide you with an accurate, fixed price quote.
Once the scope of work is defined and agreed upon, we deliver regardless of the time needed to complete the audit.
Annex A is a set of security controls which your business can use to address identified information security risks. These might sound familiar if you are ISO 27001 certified, as Annex A forms the basis of your information security framework. The internal audit will identify the applicable Annex A controls and ensure these have been implemented effectively.
Your certification body conducts audits for you to achieve ISO 27001 certification and then once every 3 years to renew the standard. These are external audits delivered by the external certification body. It is also a requirement for your business to conduct internal audits at least once every 12 months to maintain the requirements of ISO 27001.
Companies often outsource their internal audits due to lack of in-house resources, and to avoid conflicts of interest if a company is auditing itself. Both internal and external audits are conducted in a similar fashion and are looking to evidence compliance with the clauses and applicable Annex A controls.
Anyone who works in your organisation could potentially be asked to participate in the audit. For instance, if the auditor wants to establish the awareness level of the ISMS amongst the employees, they may randomly select an employee to speak to and find out what they know.
Key people needed for audits will be IT, HR, senior management, the Information Security Manager (if there is one) and risk owners. There may be others, but the auditor will discuss this with you during the initial audit meetings and advise on who they need to speak with.