Internal Audit Services
Gain the assurance you need to meet auditor, client, and stakeholder demands
Efficient Auditing for Effective Compliance
If this is your first certification audit or you’re recertifying, you’ll need to complete an internal audit of your full ISMS. If it’s your annual surveillance audit, you may only require an internal audit of certain management system requirements or specific controls of Annex A, such as A.6, A.8, etc., in accordance with a defined audit schedule.
Whatever your internal audit requirements, we can help! Our qualified ISO 27001 lead auditors provide an internal audit service remotely via MS Teams to clients in the EU and outside the EU.
Our ISO 27001 internal audit services can help you:
Ensure that your ISMS meets the requirements of the ISO 27001 standard
Identify and address any gaps or deficiencies in your ISMS
Continuously improve the effectiveness of your information security controls
Prepare for external certification audits
Types of audit services offered:
A pre-certification audit is a comprehensive internal audit that is perfect for organizations working towards ISO 27001 certification. We’ll measure in detail the compliance of your whole ISMS and prepare a comprehensive report ready for your certification audit.
Ongoing internal audits are available to support your post-certification requirements, and we can provide different types of auditing services to meet your own internal auditing needs.
How It Works
The auditor works with the organization to define the scope and objectives of the audit, and develops an audit plan that outlines the audit methodology, timelines, and responsibilities.
The auditor conducts a thorough review of the organization's ISMS documentation, procedures, and controls to evaluate their effectiveness in meeting the requirements of the ISO 27001 standard. This may include interviews with key personnel, observations of processes, and testing of controls.
The auditor provides a comprehensive audit report that summarizes the findings of the audit, identifies any gaps or deficiencies in the organization's ISMS, and makes recommendations for improvement. The report may also include a risk assessment and an action plan for addressing any identified deficiencies.
The auditor works with the organization to implement any necessary corrective actions and to ensure that the ISMS continues to operate effectively. The auditor may conduct follow-up audits to evaluate the effectiveness of the corrective actions and to identify any new risks or opportunities.
Overall, the internal audit process is an important tool for ensuring that the organization's ISMS is effective, efficient, and compliant with the ISO 27001 standard. It helps the organization to identify areas for improvement and to continuously improve its information security practices to protect against threats and risks to its sensitive information assets.
The pricing of our audit service depends on the scope of your ISMS and the size of your organization.
The following prices are calculated for a remote audit of an SMB with 50 employees and low complexity:
Planning of the audit and initial review of the provided documentation. 4 h (0.5 days)
3- Remote audit
Conduct of the remote audit (interviews, systems checks, virtual walkthrough). 16 h (2 days)
Report creation and closing meeting with management. Overall 8 h (1 day)
Based on the calculations above, we estimate 3.5 days* total audit effort.
The actual daily fee is 1480€*.
Get 10% off if you book in January for Q3 or Q4 2023
Internal Auditing - FAQs
How frequently does an organization need an internal audit? It is a requirement of the standard that an organization defines an audit plan covering a period of time. Typically, organizations prepare an annual audit schedule showing which functions or areas of the standard are to be audited at a particular time. Internal audits should be carried out in accordance with the audit schedule.
How much do internal audits cost? This is dependent on multiple factors from audit scope to size of the organization and number of sites. Submitting an enquiry and completing our audit booking form is the best way to get a quote specific to your organization.
How long will an internal audit take? This depends on the scope of the audit and if there are multiple sites, or business functions that fall under that audit scope. Time also needs to be factored in for evidence gathering, writing the audit report along with any audit findings and nonconformities that may be identified.
How can an internal audit help prepare for the certification audit? Internal audits are a requirement of the ISO 27001 standard. A certification auditor will verify that you are carrying out internal audits to your audit schedule, and are providing the relevant audit evidence (reports and any nonconformities) and that the audit programme is being managed. Certification bodies will also check that the outputs of audits are being reviewed in your management review meetings to identify areas of weakness or areas for improvement.
What are the additional benefits of an internal audit?
Confirms the health of your management system, the way it is operating and the efficiency of the business processes, i.e. is it wasting time, effort, and cash on inefficient processes?
Ensures that your company operations, processes and procedures comply with statutory, regulatory and management system requirements.
Gives senior management visibility into the effectiveness or weaknesses of the management system as part of the management review requirements.
SimpleInfoSec: Where Compliance Meets Competence