Internal Auditing for ISO 27001, ISO 22301, ISO 9001 and Tisax

ISO 27001 – Information Security Audits: Grow your business with ISO 27001. Improve security, build trust, and meet requirements easily. Our experts can help you succeed.

ISO 22301 – Business Continuity Audits: Be resilient with ISO 22301. Our expertise ensures a smooth setup to protect continuity during disruptions.

Internal Auditing Services Brochure

ISO 9001 – Quality Audits: Make your processes better and your customers happier. We provide ISO 9001 certification to help your business run smoothly and satisfy customers.

Tisax – Automotive Security Audits: Make Tisax compliance easy with our expert help. Streamline security standards for cars to operate smoothly and build trust.

Streamlined Internal Audits: Meet ISO requirements easily with our audits. Improve effectiveness, ensure compliance, and set the path for lasting success.

Solutions for ISO and Tisax Internal Audits.

ISO 9001: Quality Management Audits

Improve your products and services, make processes better, and exceed customer expectations with ISO 9001 certification.

ISO 27001: Information Security Audits

Assess your information security solutions carefully and independently with ISO 27001 internal security audits.

ISO 22301: Business Continuity Audits

Check your business continuity plans thoroughly and independently with ISO 22301 internal business continuity audits.

Tisax: Automotive Security Audits

Assess Tisax security, then work with your chosen external audit certification body for automotive information security solutions. Take control of your security needs.

Managed Internal Audit Service

For small businesses, we make your internal information security and business continuity audit process work better with our managed service and continuous improvement process.

Combined Audits

Make audits easier with combined assessments. We integrate information security, business continuity and quality frameworks to conduct thorough evaluations and identify opportunities for improvement in one efficient process.

Examples of Internal Audits for ISO and Tisax

St Ann's Hospice Lottery


St Ann's Hospice Lottery raises funds for a UK charity providing care to patients with life-limiting illnesses, and offers cash prizes.

St Ann's Hospice Lottery Case Study


Behaviorally, a software firm, enhances e-commerce by offering behavior-based customer experience solutions, boosting engagement and conversions.

Behaviorally Case Study


Unipart, a UK multinational, offers engineering, logistics, and consultancy to industries such as automotive, rail, and healthcare.

Questions and Answers about ISO and Tisax Audits

Can you streamline your internal audit process?

Our comprehensive solution offers a structured audit plan that covers various types of audits, including party audits.

Our internal audit checklist ensures that no stone is left unturned, and our efficient audit schedule keeps everything on track. We also provide a thorough management review to ensure that all processes align with your business objectives.

Our unique approach includes a detailed gap analysis to identify areas of improvement and ensure compliance with industry standards. Plus, we take into account previous audits to learn from past experiences and continually improve the audit process.

Choose us for a seamless, efficient, and effective audit experience. Let's work together to achieve excellence in your internal audit process.

Should we treat our audits like a practice run?

No, audits are not used as dress rehearsals. Audits are formal assessments of a company's financial records and processes to ensure accuracy and compliance.

On the other hand, dress rehearsals are practice runs for events or performances.

How can we pick the best certification body?

To choose the right certification body, customers should consider a few key factors:

  • Accreditation: Look for a certification body that is accredited by a recognised accreditation body, which ensures it meets defined standards of competence and impartiality.
  • Expertise: Consider their expertise in your specific industry or field. A certification body with experience in your area will better understand your unique needs.
  • Reputation: Check their reputation and customer reviews to ensure a track record of providing reliable and trustworthy certification services.

Remember, choosing the right certification body is essential for maintaining the credibility and integrity of your certification.

How can we do internal audits effectively?

To conduct effective internal audits, follow these steps:

  • Plan: Determine the scope and objectives of the audit. Identify the areas or processes you want to assess.
  • Prepare: Gather relevant documents, procedures, and records. Familiarise yourself with the audit criteria and standards.
  • Schedule: Set a date and time for the audit. Notify the employees involved and ensure their availability.
  • Conduct: Start the audit by interviewing employees, observing processes, and reviewing documents. Take notes and ask questions to gather evidence.
  • Analyze: Evaluate the information collected and compare it against the audit criteria. Identify any non-conformities or areas for improvement.
  • Report: Document your findings in a clear and concise report. Include recommendations

Doing remote internal audits (9.2)?

Remote ISO internal audits (clause 9.2) can be done effectively by following a few steps:

  • Ensure you have a reliable video conferencing platform to communicate with auditors.
  • Provide access to relevant documents and records electronically. Auditors can ask questions and request evidence through video calls during the audit.
  • Ensure that any non-conformities or areas for improvement are documented and addressed.

By following these steps, you can successfully conduct remote ISO internal audits.

How can we prevent being complacent during ISO audits?

It is essential to review and update your processes and procedures regularly to stop ISO audit complacency.

Encourage a culture of continuous improvement within your organization by:

  • Set clear goals and expectations for ISO compliance.
  • Provide regular training and education to employees to ensure they understand the importance of maintaining ISO standards.

Additionally, consider conducting internal audits to:

  • Identify any areas of complacency.
  • Take corrective actions promptly.

You can prevent complacency and maintain high standards by staying proactive and committed to ISO compliance.

How can we manage corrective actions?

To effectively manage ISO corrective actions, ensure a systematic approach.

  • Identify issues.
  • Prioritize them.
  • Assign responsibility.

Create action plans with clear steps and timelines.

  • Monitor progress closely.
  • Communicate updates.

Once resolved, review the effectiveness of actions taken.

Regularly assess and adjust your processes for continuous improvement in line with ISO standards.

Why are regular audits important?

As ISO standards outline, regular audits are vital for your company's growth. They ensure adherence to set quality benchmarks, enhance operational efficiency and boost customer satisfaction.

You'll identify improvement areas by conducting consistent audits, rectifying processes, and maintaining compliance. Ultimately, this leads to higher productivity, better risk management, and a more substantial reputation in the market.

How much do internal audits cost?

The cost of an internal audit can vary significantly depending on factors such as:

  • The size and complexity of the organization
  • The scope of the audit
  • The internal auditors' expertise
  • The duration of the audit process

In the UK, the cost of an ISO internal audit depends on:

  • The organization's size and complexity
  • The audit's scope
  • The internal auditors' qualifications and experience

On average, the cost can range from several hundred to several thousand pounds, depending on the specific requirements.

While internal audits may have an initial cost, they can provide significant benefits, including:

  • Improved quality
  • Enhanced performance
  • Better risk management

Ultimately, they can save organizations money by reducing the risk of non-compliance and other issues. Obtaining quotes from several internal audit providers is recommended to:

  • Compare costs
  • Ensure the best value for your budget.

Differences between a certification audit and an internal audit?

A certification audit is an external audit conducted by a third-party certification body to assess whether an organization meets the requirements of a specific standard, such as ISO 9001.

On the other hand, an internal audit is conducted by the organization itself, following its own internal audit procedures, to assess its compliance with the standard and identify areas for improvement.

The results of internal audits are typically reviewed by management during a management review to determine what actions need to be taken to improve the organization’s compliance with the standard.

What should we include in a project's internal audit?

During an ISO 27001 internal audit of projects, it is important to cover several key areas. These include:

  • Assessing the effectiveness of information security controls.
  • Reviewing project documentation and processes.
  • Evaluating risk management practices.
  • Ensuring compliance with ISO 27001 requirements.

By thoroughly examining these aspects, you can identify potential vulnerabilities or areas for improvement within your projects. This will ultimately enhance the overall security of your organization's information.

Integrated or Combined ISO audits?

Integrated ISO audits combine multiple ISO standards into a single audit, while combined ISO audits involve conducting separate audits for each ISO standard.

Integrated audits save time and resources by addressing multiple standards simultaneously. On the other hand, combined audits allow for a more focused examination of each standard.

The choice between the two depends on your organization's needs and resources.

How to do an ISO 27001 internal audit?

Conducting an ISO 27001 internal audit involves the following steps:

  • Plan the Audit: Develop an audit plan that outlines the audit's scope, objectives, and schedule.

  • Identify the Audit Team: Choose a team of individuals with relevant experience and knowledge to conduct the audit.

  • Review the Documentation: Review the ISO 27001 documentation, including the ISMS policy, procedures, and records, to ensure they are complete and up to date.

  • Conduct the Audit: Conduct the audit by following the audit plan and using a combination of questioning, observation, and testing.

  • Report the Findings: Prepare a report that summarises the audit findings and includes recommendations for improvement.

  • Review the Findings: Review the findings with senior management and key stakeholders to discuss any areas for improvement.

  • Implement Improvements: Implement any necessary improvements to the ISMS based on the findings of the audit.

  • Monitor Progress: Monitor progress to ensure that improvements are made and that the ISMS continues to meet the requirements of ISO 27001.

It is important to note that an internal audit process should be conducted by individuals who are independent of the audited areas and have the necessary skills, knowledge, and experience to conduct an effective audit. In addition, it is recommended to conduct regular internal audits to ensure the ISMS continues to meet the requirements of ISO 27001 and to identify any areas for improvement.

What occurs during ISO opening and closing meetings?

During an ISO opening meeting, the purpose and objectives of the audit will be discussed, as well as the scope and timeline. The auditors will introduce themselves and explain their roles. The auditee must provide any necessary documentation and answer any questions the auditors may have.

In the closing meeting:

  • The auditors will provide feedback on the audit findings and any non-conformities identified.
  • They will discuss any corrective actions that need to be taken and provide recommendations for improvement.
  • The auditee will have the opportunity to ask questions and clarify any issues.
  • The auditors will then conclude the meeting and give a final audit report.

External audit and opportunity to improve?

An external audit is a comprehensive assessment of an organization's processes, procedures, and systems by an impartial third-party auditor.

It is conducted to evaluate the organization's compliance with industry standards or regulations, such as ISO.

During the audit, the auditor will review documents, conduct interviews, and observe processes to determine if the organization follows the standard's requirements.

At the end of the audit, the auditor will present the audit report findings:

  • Non-conformities
  • Observations
  • Opportunities for improvements

These are areas where the organization can improve. These non-conformities may be minor or major and should be taken seriously by the organization.

The auditor will also provide recommendations for improvement and best practices to help the organization address areas where it may be lacking. This is an opportunity for the organization to improve its systems and processes, demonstrate its commitment to quality, and achieve certification or recognition.

How does ISO 27001 relate to your quality management?

ISO 27001 and quality management systems (QMS) are important for organizations to maintain control and security over their information. ISO 27001 provides a comprehensive framework for information security management. At the same time, a QMS is designed to ensure consistent and effective organizational performance.

The integration of ISO 27001 and a QMS can provide several benefits, including:

  • Improved Efficiency: By integrating ISO 27001 and a QMS, organizations can minimize the duplication of effort, streamline processes, and reduce the administrative burden associated with maintaining separate systems.

  • Enhanced Security: Integrating ISO 27001 and a QMS can help organizations identify and mitigate information security risks more effectively by integrating security into all aspects of their operations.

  • Better Compliance: By integrating ISO 27001 and a QMS, organizations can demonstrate compliance with relevant regulations and standards and maintain a high level of control over their information.

  • Improved Customer Confidence: Organizations that integrate ISO 27001 and a QMS can demonstrate their commitment to information security and customer confidence, which can be critical for maintaining a competitive advantage in the marketplace.

  • A Better Understanding of Risks: Integrating ISO 27001 and a QMS can help organizations understand the potential risks associated with their information security and prioritize their security initiatives accordingly.

To integrate ISO 27001 and a QMS, organizations should start by:

  • Identifying the processes and systems that need to be integrated,
  • Developing an implementation plan to ensure that all processes are consistent and aligned.

This may require:

  • Training,
  • Policy and procedure development, and
  • The implementation of appropriate technical measures.

By integrating ISO 27001 and a QMS, organizations can ensure that they have a comprehensive and effective approach to information security and quality management. This can help to minimize risks, improve customer confidence, and maintain their competitive advantage.

Who's in charge of ISO processes or controls?

ISO Process Owner: The ISO process owner oversees and manages a specific process within the organization to ensure compliance with ISO standards. They are in charge of:

  • Implementing and maintaining the process
  • Monitoring its effectiveness
  • Making improvements when necessary

Control Owner: On the other hand, the control owner is responsible for:

  • Establishing and maintaining required controls
  • Mitigating risks
  • Ensuring compliance with ISO standards

They:

  • Regularly review and update controls
  • Ensure correct implementation and adherence

Both roles contribute to:

  • Meeting ISO requirements
  • Operating competently within the organization.

Vertical or horizontal ISO audits?

Vertical ISO audits focus on a specific process or department within an organization, while horizontal ISO audits assess multiple processes or departments across the entire organization.

Vertical audits allow for a more detailed examination of a specific area, while horizontal audits provide a broader view of the organization's overall compliance with ISO standards. The choice between vertical and horizontal audits depends on the specific needs and goals of the organization.

How are ISO audits implemented and maintained?

ISO audits are a vital part of maintaining quality management systems in businesses globally. These audits guarantee that companies adhere to ISO standards, satisfy customer requirements, and improve their overall operational efficiency.

ISO audits are implemented and sustained by a team of qualified internal auditors who evaluate the organization's performance against established benchmarks. The audit process involves scrutinizing policies, procedures, and documentation to ensure they meet the necessary criteria. Any non-compliance identified during the audit is reported, and corrective action is taken to enhance processes and procedures.

The advantages of implementing and maintaining ISO audits are numerous. Firstly, they aid organizations in identifying and minimizing potential risks, reducing waste, and optimizing processes.

Secondly, ISO audits aid in improving customer satisfaction by ensuring products and services meet their expectations.

Finally, ISO audits can assist organizations in saving time and money by streamlining their processes and reducing waste.

In conclusion, implementing and sustaining ISO audits is crucial for businesses that want to ensure compliance with quality standards and improve operational efficiency. It is a continuous process that necessitates ongoing attention and commitment to improve and maintain the organization's quality management system.

ISO compliance for small businesses

Our managed internal audit service is designed specifically for small businesses like yours. We focus on enhancing your information security and business continuity processes, ensuring you meet all necessary ISO compliance standards.

In today’s competitive market, compliance with ISO standards can give your business an edge. Our team of experts will work closely with you to understand your unique needs and provide tailored solutions. Let us help you make your business more resilient, secure, and ready for growth.

ISO and Tisax Internal Audit Clients

St Ann's Hospice Lottery Oracle Pionen Celerity DAS Acumen-bcp F&C DNV Market Dojo Sector Forensics behaviorally Unipart Wyser Myles Associates Italik