We strongly believe that anyone involved in any form of Information Security auditing must themselves have experience of implementing it. It is only with the experience of managing large networks or information security projects that an auditor can provide a clear and useful audit report. Computing is a fast moving industry so without the knowledge an auditor may struggle to understand your set up and identify the issues that matter. Whilst an ISMS audit is not entirely based on IT systems, it is the core of such a system and therefore must be correctly approached.
Our auditors will always give constructive observations during the audit and will never seek to raise issues for the sake of it. We come in with no preconceptions of aiming to find no concerns or worst still insist on finding problems to reach some arbitrary target.
For an informed, friendly chat about what the process involves please get in touch.