ISO 27001 Internal Audit Services

Independent internal audit for your information security management system.

ISO/IEC 27001:2022 requires organisations to conduct internal audits of their ISMS at planned intervals. Done well, internal audit is one of the most valuable inputs to your management review cycle. Done poorly, it is a compliance checkbox that adds no value and misses real issues.

Assurance Bureau delivers ISO 27001 internal audits that are independent, evidence-based, and genuinely useful to the organisations we work with.

What is an ISO 27001 Internal Audit?

An ISO 27001 internal audit is a formal assessment of your ISMS against the requirements of ISO/IEC 27001:2022. It covers both the management system clauses (Clauses 4 to 10) and the Annex A controls applicable to your organisation, producing a findings register that supports management review and continual improvement.

Our services

  • Standalone Internal Audit - independent delivery of your ISO 27001 internal audit against Clauses 4 to 10 and applicable Annex A controls, producing a formal findings register and audit report

  • Internal Audit Program Setup - development of your internal audit program, methodology, schedule, and templates for organisations that have no existing internal audit function or need to uplift their current approach

  • Pre-Certification Internal Audit - targeted internal audit ahead of Stage 2 certification to identify and address conformance gaps before your certification body arrives

  • Surveillance Readiness Audit - independent review of your ISMS ahead of surveillance to confirm ongoing conformance and identify any areas requiring attention

Who this is for

  • Organisations preparing for ISO 27001 certification and needing an independent internal audit

  • Certified organisations approaching surveillance or recertification

  • Organisations with no internal audit function or methodology needing program setup support

  • Organisations that have been running their internal audits in-house and want independent external delivery for objectivity and rigour

Sector experience

Assurance Bureau has delivered ISO 27001 audit and advisory services across:

  • Government and government-adjacent organisations

  • Healthcare and primary health networks

  • Education providers and registered training organisations

  • Financial services

  • Telecommunications

Why Assurance Bureau

  • Deep familiarity with certification body expectations at Stage 2 and surveillance, including experience making certification recommendations as lead auditor on JAS-ANZ accredited ISO 27001 certification audits

  • ISO 27001:2022 Lead Auditor and Senior Lead Implementer credentials

  • Experience conducting ISO 27001 audits on behalf of certification bodies and internal audit clients across government, healthcare, education, financial services, and telecommunications

  • Independent of the organisations we audit, ensuring objective and unbiased findings

Get in touch

Ready to discuss your ISO 27001 internal audit requirements? Contact us to arrange a no-obligation scoping conversation.