GRC Expertise | Integrity Delivered ...going beyond Compliance

GRC Audit Consultancy
Internal Audit ISO/IEC 27001:2022

Overview

GRC Audit ("GRCA") provides affordable ISO 27001 consultancy to organisations globally. Our expert consultants can demystify the requirements and help you become and remain certified. If you need help implementing #ISO27001 from experienced consultants, then we’re the perfect fit for you.


REQUEST MORE INFORMATION NOW

  • All Policies, Procedures & Records Created
  • Risk Assessment & Risk Treatment Planning
  • Employee Awareness Training Sessions
  • Internal Auditing & Management Review
  • Ongoing Support & Managed Service Options
  • Consultants Across the UK


Contact us for information and pricing.


For companies who have both US-based clients and international clients, compliance may seem like a cumbersome task. Whereas SOC audits meet the needs of US-based clients, international clients are increasingly asking for ISO 27001 reports. The ISO 27001 standard was developed to provide a consistent model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an Information Security Management System (ISMS). The ISMS is not a one-size-fits-all system. Rather, the design, implementation, monitoring, and maintenance of an organization’s ISMS should be based on its unique needs and requirements.


The ISO 27001 standard adopts the “Plan-Do-Check-Act” (PDCA) model, which is applied to structure all ISMS processes.


  • Plan (establish the ISMS): Establish ISMS policy, objectives, processes and procedures relevant to managing risk and improving information security to deliver results in accordance with an organization’s overall policies and objectives.
  • Do (implement and operate the ISMS): Implement and operate the ISMS policy, controls, processes and procedures.
  • Check (monitor and review the ISMS): Assess and, where applicable, measure process performance against ISMS policy, objectives and practical experience and report the results to management for review.
  • Act (maintain and improve the ISMS): Take corrective and preventive actions, based on the results of the internal ISMS audit and management review or other relevant information, to achieve continual improvement of the ISMS.


Our team will work closely and collaboratively with your team to determine which sections of the ISO 27001 standard apply to your operations. GRCA can assist your company with the following ISO 27001 audit activities:


  • Pre-Assessment: Our pre-assessment process is tailored for the needs of companies undergoing the ISO 27001 audit for the first time. As part of the pre-assessment, we will review your ISMS and its operation as a rehearsal for the future audit. As part of this work, we will review key documents and interview key employees. The pre-assessment will assess the degree of conformance of your system to the ISO 27001 standard and provide a go or no-go recommendation on undergoing the certification audit. You will receive a report of any findings and remediation requirements to bring your ISMS into conformance with the ISO 27001 standard. The pre-assessment report will reveal non-conformities, so you have time to address them prior to starting the formal certification audit.
  • Stage 1 Audit: During this stage, we will review your company’s documentation to confirm that it complies with the requirements of ISO 27001.
  • Stage 2 Audit: During this stage, we will perform a formal certification assessment of your ISMS against the ISO 27001 standard, ultimately leading to certification. We will assess your documentation and controls to ensure your ISMS is fully operational.
  • Surveillance Audit: Certifications are valid for 3 years. To ensure ongoing conformity of your ISMS with ISO 27001, we will perform surveillance audits for the two years following certification.
  • Security Awareness Training: Our security awareness training services provide a continuous cycle of assessment, education, reinforcement, and measurement to maximize learning and lengthen retention. Our methodology sits in strong contrast to a “one and done” approach, giving you the flexibility to evolve your program over time, identify areas of susceptibility, and deliver targeted training when and where it is most needed.


ISO 27001 Certification Process and Timeline

PRE-CERTIFICATION

GAP Analysis (2-3 Weeks)

Current state of processes and practices in place. From here we can determine the starting point.

Implementation (~3 Months)

- Create Policies and Standards.
- Document Procedures.
- Establish Information Security Management System (ISMS).

Observation (2-3 Months)

What is the day to day?

- Control and Observation.
- Make necessary adjustments.
- Refine Procedures.

Internal Audit (1 Week)

Preparation for the Certification Audit.

CERTIFICATION PROCESS

Certification Audits (1-2 Months)

- Phase 1 Certification Audit.
- Phase 2 Certification Audit.

CERTIFIED

- Internal Audits: Every 3 - 6 Months
- Review Audit by Certification Body: 1 Year after Certification
- Internal Audits: Every 6 Months
- Review Audit by Certification Body: 2 Years after Certification
- Re-Certification Audits: 3 Years after Certification
  - Phase 1 Certification Audit.
  - Phase 2 Certification Audit.

RE-CERTIFIED!

IBITGQ's Training Links and Resources

https://www.ibitgq.org/certificates

Copyright © 2025 GRCA. All Rights Reserved.
