Completing my first audit as a security consultant was a real step into the unknown after transitioning careers to work for Periculo. My first experience was a four-and-a-half-day remote audit that packed in ISO 9001 recertification and a combined surveillance and transition audit for ISO 27001 from the 2013 to the 2022 standard. It wasn’t simple - each day ran from 09:30 to 15:30, filled with rigorous testing of controls, documentation reviews, and real-time evidence requests - all whilst trying to maintain the requirements of my normal day job with other clients.
While each audit is undoubtedly going to be unique, the challenges faced and the lessons learned during this first experience will undoubtedly shape how I approach future engagements.
The audit began with an opening meeting, setting the tone for the days ahead. It provided clarity on what the auditor expected and how we would proceed. Top management joined for this to show their commitment and interest in compliance with the standards, which was well received by the auditor.
For ISO 9001, the focus was on the company’s quality management processes, ensuring they aligned with certification requirements. The ISO 27001 audit, being both a surveillance and transition review, delved deeper into controls and their alignment with the updated 2022 standard.
Every aspect of the audit required thorough evidence backed by policy or procedure. The auditor left no stone unturned, reviewing examples of real-world and sometimes real-time implementations. A key challenge was ensuring that the evidence not only met the standards but was presented in a clear, logical manner.
It culminated in a closing meeting where the positives and negatives from the week were laid out to us as consultants, and also to the top management who were there. It allowed us to see the path to continued certification in a year's time - and what obstacles lay ahead of us.
As an ISMS/QMS tool, Harpe was invaluable. It allowed us to logically organise and present evidence, attach relevant files, and comment on specific items, linking everything back to the relevant policies stored in the Docs tab. What stood out was Harpe’s bespoke auditor role, which gave the auditor independent access to explore documentation and evidence.
This setup meant that the time spent on calls could be focused on discussing critical findings, while the auditor could independently dig deeper into areas of interest. Harpe not only streamlined the process but also showcased the value of having a robust system in place for audits.
Conducting the entire audit remotely was an experience in itself. While it offered convenience, it also required meticulous preparation to ensure that all evidence was easily accessible and that technology worked seamlessly. The remote format demanded heightened attention to detail and communication, as any hiccup could delay the process.
This first audit was a whirlwind, but it was also immensely rewarding. It reinforced my passion for this field and gave me the confidence to tackle future audits with greater skill and efficiency. I’m eager to apply these lessons to other clients, refining my approach to ensure smoother, more professional engagements.
Ultimately, this experience has fueled my ambition to become the lead for audits here at Periculo. With each engagement, I hope to further solidify our reputation for excellence in navigating the complexities of ISO standards.
Imagine walking into your next ISO audit knowing you’re fully prepared—your evidence is airtight, your policies are tailored, and your processes reflect your organisation’s unique needs. At Periculo, we don’t just guide you through compliance; we help you build a system that secures your future certifications with ease.