Advisory & Uplift

Assurance Bureau provides advisory and uplift services, including ISO-aligned governance and risk consulting, to organisations preparing for ISO/IEC 27001, ISO 9001, and ISO/IEC 42001 certification and surveillance audits.

These services are suited to organisations that are establishing, improving, or remediating management systems and that require practical, audit-defensible governance uplift rather than template-based compliance.

Advisory services focus on strengthening governance, risk management, and management system design, and are delivered with a clear separation from assurance activities to preserve independence and audit integrity.

ISMS Design & Uplift

Advisory support is provided to help organisations design, improve, or rationalise management systems aligned to recognised standards.

This includes uplift of existing systems as well as design support for organisations establishing an ISMS or related management system for the first time.

Typical activities include:

  • Management system structure and documentation design

  • Policy and procedure development or rationalisation

  • Statement of Applicability (SoA) development and review

  • Governance structures, roles, and responsibilities aligned to standard requirements

The focus is on systems that are usable in practice and defensible under audit.

Audit Readiness & Remediation

Audit readiness support helps organisations identify and address gaps prior to certification, surveillance, or recertification audits.

This service is intended to reduce audit risk by ensuring that known issues are understood, prioritised, and addressed before an external assessment.

Typical activities include:

  • Pre-audit readiness reviews

  • Gap analysis against applicable standards

  • Review of corrective actions and remediation plans

  • Evidence and records review

Risk Assessment & Treatment Advisory

Risk advisory services support organisations in establishing or improving risk assessment and treatment processes aligned to management system requirements.

Support focuses on governance-level risk processes rather than technical implementation.

Typical activities include:

  • Risk assessment methodology design or review

  • Facilitation of risk identification and assessment workshops

  • Risk treatment planning and alignment to controls

  • Review of risk registers and risk acceptance processes

Risk ownership and decision-making remain with the organisation.

Engagement Model

Advisory engagements are typically delivered as fixed-scope or time-boxed activities aligned to clearly defined outcomes.

Services may be delivered directly to organisations or through delivery partners, depending on engagement context and requirements.

Professional Boundaries

Advisory and uplift services are delivered with appropriate professional boundaries to preserve independence, objectivity, and audit integrity.

Where required, organisations may engage separate providers for technical implementation or managed services.
