Audits & Reviews

Independent auditing is essential for maintaining the health of your compliance programmes and understanding risk in your supply chain. Whether you need internal audits for your management systems or assessments of your critical suppliers, an objective external perspective adds real value.

Internal audits

ISO standards require regular internal audits to verify that your management system is working as intended. But internal audits are more than a compliance checkbox—they’re an opportunity to identify improvements before external auditors or real incidents do.

What I provide

• ISO 27001 internal audits - Full ISMS audits or targeted reviews of specific controls
• ISO 22301 internal audits - Business continuity management system assessments
• ISO 9001 internal audits - Quality management system reviews
• Integrated audits - For organisations running multiple management systems

Each audit includes:

• Structured assessment against standard requirements
• Identification of nonconformities and observations
• Practical recommendations for improvement
• Clear audit report for management review

Why use an external auditor?

Your internal team knows your systems well—that’s both a strength and a limitation. External auditors bring:

• Fresh perspective unclouded by familiarity
• Independence from internal politics and assumptions
• Broader experience from seeing how other organisations operate
• Credibility with certification bodies and stakeholders

Supplier assessments

Your security is only as strong as your weakest supplier. As organisations rely more on third parties for critical services, understanding supplier risk becomes essential.

What I provide

• Security questionnaire review - Assessment of supplier responses against your requirements
• On-site or remote assessments - Detailed review of supplier controls
• Due diligence support - Pre-contract assessment of potential suppliers
• Ongoing monitoring frameworks - Structures for managing supplier risk over time

Typical focus areas

• Information security controls
• Business continuity arrangements
• Data protection practices
• Access management
• Incident response capability
• Subcontractor management

Audit readiness reviews

Facing an upcoming certification audit? A readiness review identifies gaps before your auditor does—giving you time to address issues rather than explaining them.

I’ll conduct a realistic assessment using the same approach certification auditors use, and give you a clear picture of your readiness with actionable recommendations.

What to expect

Internal audits typically take 2-5 days depending on scope, followed by a written report. I’ll discuss findings with you before finalising, ensuring accuracy and giving you early sight of significant issues.

Supplier assessments vary based on the depth required—from desk-based reviews taking a day or two, to comprehensive on-site assessments requiring a week or more.

Common questions

How often should we conduct internal audits? ISO standards require the entire management system to be audited within each certification cycle (typically three years), with most organisations spreading this across annual audit programmes. High-risk areas warrant more frequent attention.

Can you audit us before our certification audit? Yes—audit readiness reviews are designed exactly for this. Timing them 4-8 weeks before certification gives you time to address any findings.

What qualifications do you hold for auditing? I hold relevant auditor certifications and have conducted audits across multiple sectors. I’m happy to discuss specific qualifications and experience relevant to your needs.

Will you fail us? Internal audits don’t have pass/fail outcomes—they identify conformities, nonconformities, and opportunities for improvement. The goal is to help you improve, not to catch you out.