Service
ISO 27001 audit
We check how far you are from compliance with ISO 27001 and show the path to the certificate. A concrete gap analysis instead of a general opinion that things are fine or not.
- ISO/IEC 27001
- 3000+ workstations
- Since 2017
An ISO 27001 audit puts your knowledge of information security in order. It shows which requirements of the standard are met, where the gaps are and what to do to pass certification without corrections.
Scope of the ISO 27001 audit
We compare the system against the requirements of the standard and show the path to the certificate, without sugar coating.
-
Gap analysis against the standard
We compare the management system with the requirements of ISO/IEC 27001 and Annex A. You know exactly what is missing.
-
Documentation review
Policies, procedures, registers and records. We check whether they are complete and match reality.
-
Verification in practice
Interviews and a configuration review show whether the written rules are really applied, not just described.
-
Plan to certification
You get a ranked list of actions and a realistic schedule for reaching the certification audit.
What is an ISO 27001 audit?
An ISO 27001 audit is an assessment of a company information security management system (ISMS) against the requirements of the ISO/IEC 27001 standard. It puts in order the knowledge of which requirements are already met, where the gaps are and what needs to be corrected to pass certification without surprises. For businesses in Warsaw and across Poland it is usually the first step before implementing the system or before a certification body audit.
An ISO 27001 audit covers a gap analysis against the standard and Annex A, a review of documentation, meaning policies, procedures, registers and records, and verification in practice of whether the written rules are actually applied. The result is a report with nonconformities and recommendations, together with a ranked list of actions and a schedule for reaching the certification audit. It is led by an ISO/IEC 27001 internal auditor.
The certificate is a result, not a goal
Companies often want the ISO 27001 certificate because a client or a tender requires it. That is a good reason, but a certificate on the wall does not protect data by itself. What protects it is a working system: known risks, clear access rules, verified backups and people who know how to respond.
Our audit looks at exactly that. We check whether the written rules are applied in practice, because the auditor from the certification body will do precisely the same. You approach certification with a system that works, not with documentation written for a single day.
How the audit proceeds
Objectively and within an agreed scope, with certification in mind.
- gap analysisstate against the standard
- reportnonconformities and recommendations
- schedulepath to certification
- auditorinternal ISO/IEC 27001
- Scope and context. We set the scope of the system and the context of the organisation. An audit only makes sense when it concerns real processes.
- Objective assessment. We assess compliance without sugar coating. We name nonconformities plainly, because only that leads to the certificate.
- Support after the audit. We can lead the implementation of the recommendations and prepare the company for the certification body audit.
How we bill
We quote this service individually after a scope survey.
Frequently asked questions
How does an ISO 27001 audit differ from implementation?
An audit assesses the current state and points out gaps against the standard. Implementation is building and running the information security management system. It usually starts with an audit, so you know where to begin.
Does an audit mean certification straight away?
No. Our audit is internal and preparatory. It shows readiness and gaps, and the certificate is issued by an independent certification body after its own audit, which we prepare you for.
Who runs the audit?
The audit is run by an ISO/IEC 27001 internal auditor who carries out implementations and handles incidents day to day. The assessment comes from practice, not just from reading the standard.
How long does the audit take?
It depends on the size of the company and the scope of the system. Once we agree the scope, we give a specific deadline, and we deliver the results as a report with an action plan.
Let us talk about your project
Answer 2 questions about your company. You will see a simple estimate right away, and we will prepare a full proposal within 24 business hours.
- 2 minutes, no commitment
- You talk to an engineer, not a salesperson
- No spam, one contact about your quote