Brier & Thorn's Internal Audits service provides ISO 27001-aligned auditing of an organization's Information Security Management System (ISMS). The service is delivered by certified auditors and follows a structured, multi-phase methodology. The audit process includes: - Planning and Scoping: Collaboration with the client to define ISMS context and audit scope. - Documentation Review: Examination of ISMS documentation, policies, procedures, and risk assessments against ISO 27001 requirements. - On-Site Interviews and Evidence Gathering: Interviews with key personnel, observation of security practices, and collection of supporting evidence. - Findings and Reporting: Delivery of a comprehensive report detailing non-conformities, observations, and improvement recommendations. - Management Review and Corrective Action: Collaborative review of audit findings with the client to prioritize and schedule corrective actions. - Ongoing Support: Continued guidance to support corrective action implementation and ISMS continuous improvement. The service is positioned as an independent, third-party assessment, providing an objective evaluation of ISMS compliance and effectiveness. It targets organizations seeking to maintain or achieve ISO 27001 certification, reduce security risk, and improve operational efficiency of their security programs.