Halderstone Audit Services

Information Security Audits

Independent assessments of information security governance, management systems, controls, and compliance obligations

Auditor and data centre representative review technical security controls during an information security audit.

Understand whether your security controls work in practice

Assess whether responsibilities, risk treatment measures, controls, and monitoring activities are implemented effectively across your organisation.

How we support you

Information security depends on more than policies and technical tools. It requires clear responsibilities, risk-based controls, supplier oversight, incident readiness, and evidence that measures work in practice.

Independent audits help organisations understand whether information security governance, management systems, and security controls are designed appropriately and operating effectively.

Assessments can focus on entire information security management systems, selected business units, applications, services, suppliers, security controls, or specific regulatory obligations.

Audit contexts

  • Internal audits of your ISMS

  • Readiness assessments

  • Supplier security assessments

  • Security governance and control reviews

  • Regulatory compliance reviews

  • Integrated audits

Supported frameworks

  • ISO/IEC 27001 and ISO/IEC 27002

  • ISO/IEC 27005

  • NIST Cybersecurity Framework

  • CIS Controls

  • DORA

  • Organisation-specific information security frameworks

Business meeting with people sitting at a conference room table

Discuss your audit challenge

A short conversation to understand your current situation and discuss possible next steps.

Why Halderstone

Our approach

  • Audit planning informed by risks, objectives, and the intended use of audit results

  • Audit activities aligned with recognized auditing principles and guidance, including ISO 19011 where appropriate

  • Findings based on objective evidence obtained through interviews, documentation review, observation, and sampling

  • Conclusions supported by corroboration across multiple evidence sources and audit methods

  • Practical reporting focused on decision-making, assurance, and continual improvement

What we deliberately do not do

  • Mandates that compromise auditor independence

  • Audit engagements where we influence the selection of samples, evidence, or interview partners

  • Conclusions based solely on interviews without corroborating evidence

Halderstone Academy

Related training modules

Halderstone Academy offers focused training modules on relevant audit capabilities.

Auditing Information Security Risk Management

Evaluate asset-threat-vulnerability logic, risk treatment decisions, and traceability to controls and the Statement of Applicability

7 h

Auditing Information Security Controls

Evaluate control applicability, implementation evidence and common failure patterns across ISO/IEC 27001 Annex A control themes

7 h

Mechanisms of Information Security Controls

Understand how preventive, detective and corrective controls work together across access, cryptography, monitoring, incident response, backup and recovery

16 h

ISMS Scope & Statement of Applicability

Define clear ISO/IEC 27001 ISMS scope and boundaries and maintain a defensible Statement of Applicability (SoA)

7 h

Information Security Risk Management

Systematically assess, treat and document information security risks with traceable decisions in line with ISO/IEC 27001

7 h

Operational Control in Information Security

Plan, implement and operate information security controls consistently in day-to-day activities in line with ISO/IEC 27001

7 h

Auditing Context & Scope

Assess whether organisational context, interested parties, scope and system boundaries credibly reflect how the organisation operates

7 h

Auditing Leadership & Governance

Assess whether leadership commitment, policy direction and governance structures credibly steer the management system

7 h

Auditing Risk & Opportunity Management

Assess whether risk and opportunity management credibly informs organisational decisions and priorities

7 h

Auditing Documented Information

Assess whether documented information is fit for use, internally consistent and credible as audit evidence

7 h

Auditing Objectives & Performance Evaluation

Assess whether objectives and KPIs credibly measure and steer organisational performance

7 h

Auditing Operational Control

Assess whether operational controls and process interactions work reliably in day-to-day practice

7 h

Auditing Supplier & Outsourcing Management

Assess whether supplier and outsourced process controls manage risk effectively and achieve intended outcomes across organisational boundaries

7 h

Leading with Management Systems

Use management systems to drive performance, risk control and organisational credibility beyond certification

1.5 h

Leading with Management Systems in Practice

Apply executive judgement to turn management systems into drivers of reliability, trust and strategic performance

3 h

System Framing

Analyse organisational context, stakeholders and system boundaries to support effective management systems

7 h

System Leadership

Define clear policy direction and accountability through effective leadership responsibilities in management systems

7 h

Policy Management

Design coherent, auditable policy frameworks that align with strategy, scale across entities, and stay current without excess bureaucracy

7 h

Governance Design

Build the decision rights, governance meetings, escalation paths and evidence trails that make management systems work in practice

12 h

Resource Management

Ensure management systems are supported with sufficient people, time, budget, infrastructure and external support

7 h

Office scene with people standing, walking and sitting

Ready to improve your management systems?

We support continuous improvement by embedding ISO requirements into everyday practice and daily operations.
