ISO/IEC 27001 · CLAUSE 9.2
Your ISO/IEC 27001 internal audit, run independently.
A structured audit of your information security management system against ISO/IEC 27001 requirements — conducted by a credentialled Lead Auditor.
WHAT THIS IS AND ISN'T
What this is
Your organisation's own internal audit of your information security management system, conducted by an independent, credentialled auditor.
A structured assessment against ISO/IEC 27001 requirements and Annex A controls — with findings referenced to specific clauses, evidence cited, and prioritised actions.
A signed audit report you can keep, act on, and present to management or your certification body.
What this isn't
Not certification. Not your external certification-body audit, and not a substitute for it.
We don't issue certificates. We conduct the independent internal audit (Clause 9.2) that ISO/IEC 27001 requires organisations to run — the audit that demonstrates your ISMS is working as intended.
Not a penetration test or technical security assessment. This is a management system audit: evidence, documentation, and conformance with the standard's requirements.
Who it's for
Organisations with an existing ISO/IEC 27001 ISMS that need a credible independent internal audit — for maintenance, surveillance, or pre-recertification readiness.
What you get
A signed, independent internal audit report. Scope, method, findings against specific requirements and controls, evidence cited, and prioritised actions.
How it runs
Scope and schedule agreed in writing. Evidence reviewed against requirements and Annex A controls. Every finding signed off by the Lead Auditor. You deal with a person.
Ready to scope an audit?
The qualifier takes five minutes. Tell us about your ISMS and what you need from an internal audit.