Identify any gaps and pass your external audit on the first try

The internal audit identifies any gaps so that you can pass your external audit on the first try or follow up on your continuous improvement process. Our seasoned experts use a distinct maturity rating and detailed reporting, giving you a clear picture of your security status and the respective action items.

Why is the ISO 27001 internal audit a crucial process?

The ISO 27001 internal audit is a crucial process that involves a comprehensive review of an organisation’s Information Security Management System (ISMS). Its primary goal is to identify any gaps or shortcomings that could potentially impede the effectiveness of your ISMS and its objectives. ISO 27001 explicitly requires this internal audit function (as stated in clause 9.2).

Internal audits can be conducted by an independent third party, such as a consultancy. This is where we come in.

Our diligent internal audits provide the perfect foundation for your external certification audit, adhering fully to ISO 27001’s requirement for an “independent internal audit”. All too often, unqualified or biased staff members conduct internal audits, putting your ISO 27001 certification and company at risk. But with us, you’re in safe hands!

At PCG, we’re committed to meeting your internal audit requirements. Our team of seasoned lead auditors is prepared and equipped to conduct robust internal audits for ISO 27001. With PCG, audit with confidence, secure your ISMS, and get certified successfully!

ISO 27001 internal audit highlights:

  • Initial gap analysis or recurring internal audits
  • Comprehensive, full-scope audits
  • Remote or on-site options as per your convenience
  • Practical, implementable recommendations
  • Current, cutting-edge knowledge
  • Ensuring your successful certification on the first attempt

Fabian Weber, Head of Compliance

Your ISO 27001 Lead Auditor

Meet our Head of Compliance, Fabian Weber (B.Sc.). He is an internationally recognized ISO 27001 expert and ISO 27001 Lead Auditor. Over 30,000 IT security experts follow and trust Fabian Weber on LinkedIn. He has a decade of experience in cloud & information security. Fabian has built security strategies for companies of every size, from startups to international enterprises. Compliance as a Service is the result, providing businesses with a transparent and efficient state-of-the-art solution for their security frameworks.

The internal audit process

Take a look at our straightforward, easy-to-understand audit process. It is defined by clarity and simplicity, making a task often perceived as complex truly accessible. See how we make auditing uncomplicated and transparent for you:

What does the audit consist of?

Our internal audits encompass a mix of document reviews, video checks of your premises, and remote discussions with your staff. We examine relevant documents to determine if your established processes and procedures are adhered to effectively.

Our exhaustive audit plan covers:

  • Audit mission statement: Outlining objectives, criteria, and general information.
  • Audit plan: Offering a detailed timeline featuring audit times, subjects, methods used, and your designated representatives.

Our comprehensive audit report encompasses:

  • Audit specifics: Including duration, resources utilised, employees interviewed, and any interruptions or challenges faced.
  • Maturity rating: A five-level assessment (ranging from “incomplete” to “optimised” as per ISO 29190).
  • Evidence examination: Displaying the evidence examined and an audit trail for all areas within the ISO standard’s scope.
  • Non-conformities: Pinpointing any areas that do not align with the ISO standard, thus supporting your continual improvement efforts.
  • Positive findings: Highlighting areas where your organisation shows admirable practices and achievements.
  • ISMS and Annex A spider diagram: Showcasing your actual versus target score.
  • Management Summary: A straightforward, comprehensive summary outlining the relevant results.
  • Detailed Audit Framework: An in-depth framework that corresponds to all ISO requirements and controls.

The Audit Framework details notes, recommendations, additional examples, and findings. Information is arranged per chapter, with average values derived for each. It shows the maturity status of your ISMS according to ISO 29190 and underlines areas where your team excelled and where it faced challenges.

These audit plans and reports act as essential documents for your organisation, demonstrating to external certification bodies that you’re fulfilling the internal audit requirements as per the ISO standard. The internal audits consist of a combination of document reviews and remote discussions with relevant management and staff members. Through the review of relevant documented information, we assess whether the established processes and procedures are being followed effectively.

Audit sneak peek

These screenshots give you a quick idea of what to expect from the output of your audit.

  1. Organisational controls
  2. Maturity stages
  3. ISMS & Infosec controls status matrixes
  4. Audit results - Part 1
  5. Audit results - Part 2
  6. Plan

How do we calculate the effort?

The pricing of our audit service depends on the scope of your ISMS and the size of your organisation. The following example efforts are calculated for a company with the following parameters:

  • A remote audit
  • SMB with 50 employees
  • One location
  • Low complexity
  • One core product/service

Preparation phase: 0.5 days
Planning of the audit and initial review of the provided documentation.

Remote audit: 2 days
Conducting the audit (interviews, system checks, virtual walk-through).

Reporting phase: 1 day
Report creation and closing meeting with the management.

Based on the calculation above, we estimate 3.5 days total audit effort.

Benefits of ISO 27001 – Internal Audit

Extending expertise

While auditing is an integral part of our offerings, our expertise extends across the breadth of an ISMS.

Understanding the nuances

With extensive experience, PCG excels in guiding technical implementations, managing audits, empowering leadership, streamlining with automation, and focusing on critical risk factors.

Partnering for success

When businesses choose our services, they aren’t just selecting an auditor. As a partner with services in all fields, PCG provides a comprehensive service structure for its customers. Plus, a stamp of approval – our clients consistently give us a 100% recommendation rate.

Actionable advice & success

We offer concise, actionable advice for implementing their controls, eliminating guesswork. Our clients typically sail through their certification at the first attempt, a testament to our thorough preparation.

Hands on briefing

We ensure they are primed for their external audit with a comprehensive briefing.

Full security posture

Our detailed report encompasses all ISO controls, providing a full picture of their ISMS health.

Get started with ISO 27001 – Internal Audit

PCG ISO 27001 Internal Audit Service

Details
  • Full report covering all ISO 27001 controls

  • Knowledge in auditing, IT operations & tools

  • Detailed and easy to understand report

  • State-of-the-art knowledge with focus on modern technology and hands-on infosec

  • Experience the future of auditing and see firsthand how we are transforming the industry standard for the better. Should you wish to discuss your unique journey towards ISO 27001 certification, don’t hesitate to schedule your introductory call with us.

Frequently Asked Questions

What additional benefits does an internal audit offer?

It confirms the health of your management system and assesses its operational efficiency, including identifying any inefficiencies in processes that may result in wasted time, effort, or resources.

It ensures compliance with statutory, regulatory, and management system requirements in your company’s operations, processes, and procedures.

It provides senior management with visibility into the effectiveness or weaknesses of the management system, fulfilling the management review requirements.

How can an internal audit assist in preparing for a certification audit?

Internal audits are a prerequisite for the certification audit. Certification auditors verify that internal audits are conducted according to the audit schedule, and they examine the relevant audit evidence (reports and any nonconformities). Certification bodies also assess whether audit outputs are reviewed in management review meetings to identify weaknesses and areas for improvement.

How long does an internal audit usually take?

The duration of an internal audit depends on the audit scope, the presence of multiple sites or business functions within that scope, and the time required for evidence gathering and report writing, including any identified audit findings and nonconformities.

How much do internal audits cost?

The cost of internal audits depends on various factors, including the audit scope, organisation size, and number of sites. To receive an offer tailored to your organisation, it is recommended to submit an inquiry.

How often does an organisation require an internal audit?

The standard mandates that organisations establish an audit plan for a specified timeframe. Typically, organisations create an annual audit schedule, indicating which functions or areas of the standard will be audited at specific times. Internal audits should align with this audit schedule.

Who needs to be present during an internal audit?

Representatives involved in the audited activities, along with any additional representatives as necessary.
