INDEPENDENT AUDIT PRACTICE
Independent assurance for cyber security and responsible AI.
We audit information security and AI management systems against ISO/IEC 27001 and ISO/IEC 42001, helping organisations understand what is working, where gaps exist and what needs attention.
SERVICES
Internal audit for information security and AI management systems.
TRUSTYCYBER conducts independent internal audits against ISO/IEC 27001 and ISO/IEC 42001. Each engagement has an agreed scope, defined audit criteria and findings supported by the evidence examined.
ISO/IEC 42001 Internal Audit
An independent internal audit of your AI management system against the agreed ISO/IEC 42001 criteria, including applicable Annex A controls. Best suited to organisations with an established or substantially established AIMS.
ISO/IEC 27001 Internal Audit
An independent internal audit of your information security management system against the agreed ISO/IEC 27001 criteria and applicable Annex A controls. Best suited to organisations maintaining or preparing for certification.
WHEN WE ARE A FIT
A good fit when
A management system already exists, at least substantially.
Scope and audit criteria can be defined and agreed before work begins.
Relevant documentation and operating evidence can be made available.
You want findings that are independent, referenced and actionable.
You want clear professional accountability for the audit and its conclusions.
Not ready yet?
The fit check identifies whether an internal audit is the appropriate next step and highlights any foundations that should be completed first.
If your management system is still being established, the result will explain what needs to be in place before an audit is likely to be useful.
THE ENGAGEMENT
How it works.
Qualify
Complete the fit check. It identifies whether an internal audit is appropriate and provides initial context for scoping.
Scope
We agree the management-system boundary, audit criteria, sampling approach, schedule, deliverables and evidence-handling arrangements.
Review
Documentation and operating evidence are examined against the agreed requirements.
Assess
Interviews and additional testing are used to verify whether documented arrangements operate in practice.
Report
You receive a final report setting out the scope, criteria, method, findings and agreed action priorities.
Close
We explain the findings and answer questions about the report. Remediation decisions and implementation remain under your control.
Is this the right next step?
The fit check takes approximately two minutes. It identifies whether an internal audit is appropriate and what would be needed before we start.