GRC Audit ("GRCA") provide affordable ISO 27001 consultancy to organisations globally. Our expert consultants can demystify the requirements and help you become and remain certified. If you need help implementing #ISO27001 from experienced consultants then we’re the perfect fit for you.
- All Policies, Procedures & Records Created
- Risk Assessment & Risk Treatment Planning
- Employee Awareness Training Sessions
- Internal Auditing & Management Review
- Ongoing Support & Managed Service Options
- Consultants Across the UK
Contact us for information and pricing.
For companies with both US-based and international clients, compliance may seem like a cumbersome task. Whereas SOC audits meet the needs of US-based clients, international clients are increasingly asking for ISO 27001 reports. The ISO 27001 standard was developed to provide a consistent model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an Information Security Management System (ISMS). The ISMS is not a one-size-fits-all system. Rather, the design, implementation, monitoring, and maintenance of an organization’s ISMS should be based on its unique needs and requirements.
The ISO 27001 standard adopts the “Plan-Do-Check-Act” (PDCA) model, which is applied to structure all ISMS processes.
- Plan (establish the ISMS): Establish ISMS policy, objectives, processes and procedures relevant to managing risk and improving information security to deliver results in accordance with an organization’s overall policies and objectives.
- Do (implement and operate the ISMS): Implement and operate the ISMS policy, controls, processes and procedures.
- Check (monitor and review the ISMS): Assess and, where applicable, measure process performance against ISMS policy, objectives and practical experience and report the results to management for review.
- Act (maintain and improve the ISMS): Take corrective and preventive actions, based on the results of the internal ISMS audit and management review or other relevant information, to achieve continual improvement of the ISMS.
Our team will work closely and collaboratively with your team to determine which sections of the ISO 27001 standard apply to your operations. GRCA can assist your company with the following ISO 27001 audit activities:
- Pre-Assessment: Our pre-assessment process is tailored to the needs of companies undergoing the ISO 27001 audit for the first time. As part of the pre-assessment, we will review your ISMS and its operation as a rehearsal for the future audit. As part of this work, we will review key documents and interview key employees. The pre-assessment will assess the degree of conformance of your system to the ISO 27001 standard and provide a go or no-go recommendation on undergoing the certification audit. You will receive a report of any findings and remediation requirements to bring your ISMS into conformance with the ISO 27001 standard. The pre-assessment report will reveal non-conformities, so you have time to address them prior to starting the formal certification audit.
- Stage 1 Audit: During this stage, we will review your company’s documentation to confirm that it is in compliance with the requirements of ISO 27001.
- Stage 2 Audit: During this stage, we will perform a formal certification assessment of your ISMS against the ISO 27001 standard, ultimately leading to certification. We will assess your documentation and controls to ensure your ISMS is fully operational.
- Surveillance Audit: Certifications are valid for 3 years. To ensure ongoing conformity of your ISMS with ISO 27001, we will perform surveillance audits for two years following the certification.
- Security Awareness Training: Our security awareness training services provide a continuous cycle of assessment, education, reinforcement, and measurement to maximize learning and lengthen retention. Our methodology sits in strong contrast to a “one and done” approach, giving you the flexibility to evolve your program over time, identify areas of susceptibility, and deliver targeted training when and where it is most needed.