Information security audits are a vital aspect of the security governance process and it’s in your organisation’s best interest to make sure they’re done right.

We offer a range of security audit and risk assessment services aimed at maintaining compliance with internal policies, external standards and legal obligations. We can also help you assess the security capabilities of your key suppliers.

The following examples are typical security audit and risk assessment engagements we undertake for our clients: –


    Top faqs AboutInformation Security Audit

    What are the Requirements of a ISO 27001 Internal Audit

    Internal audit is a vital tool in maintaining the viability of your information security management system. Clause 9.2 of ISO 27001 requires that you implement an appropriate internal audit program. Our consultants have experience of ISO 27001 audits in a wide range of organisations and can provide expert assistance with your audit workload. We help different organisations in different ways. You may wish to outsource your entire security audit program to us or just use us to help clear an audit schedule backlog or when you need a fresh pair of eyes for time to time.

    Since the arrival of GDPR in May 2018, many organisations have increased their internal audits in relation to Data Protection compliance, largely due to the increased risks and penalties. We can help you ensure that your Data Protection Management System audits provide the appropriate coverage to ensure compliance with your internal policies and processes and with the DPA 2018 and GDPR.

    Supplier security management is a vitally important aspect of security for many companies particularly where data is shared with suppliers. We can provide expertise throughout the supplier relationship lifecycle from initial due diligence audits through ongoing contract compliance audit to contract termination reviews.

    We work with many larger companies where the growth of the due diligence workload has increased rapidly in recent years due to new supplier management requirements as well as mergers and acquisitions.

    It is not uncommon for due diligence requirements to have a certain urgency attached to them, so you may find that you need a safe pair of hands to call upon at short notice. If that sounds like you, we can respond quickly and help ease your due diligence workload.

    The best way to kick off an Information Security or Data Protection improvement project is by analysing where you currently stand. Our consultants will quickly help you assess the suitability of your policies and your physical and technical controls and identify your priorities.