Capability domain
Assurance, Audit & Evidence
Evaluate whether governance and controls work in practice through monitoring, evidence, and review
Overview
The Halderstone Capability Framework defines six core capabilities required to design, operate, and improve management systems.
Overview
The Halderstone Capability Framework defines six core capabilities required to design, operate, and improve management systems.
This capability domain focuses on evaluating whether governance structures and operational controls function as intended.
It covers the mechanisms used to generate evidence, assess system effectiveness, and provide structured oversight through monitoring, audits, and management reviews. Topics include audit practices, monitoring and measurement methods, evidence design, and evaluation techniques that support credible assurance.
The goal is to provide decision-makers with reliable insight into whether systems operate effectively and where improvement or intervention is required.
Halderstone Advisory
Advisory services in assurance
Halderstone Advisory
Advisory services in assurance
Halderstone Academy
Training modules on assurance
Halderstone Academy
Training modules on assurance
Objectives & Performance Management
Define & govern management system objectives and KPIs with clarity and consistency
Duration
7 h
List price
CHF 550
View module
Monitoring & Measurement
Design and run monitoring activities and measurement methods to generate reliable performance data for evaluation and improvement
Duration
7 h
List price
CHF 550
View module
Internal Auditing
Plan, perform and use internal audits effectively to support governance and improvement
Duration
7 h
List price
CHF 550
View module
Management Review
Conduct effective management reviews with structured inputs, clear decisions & audit-ready evidence
Duration
7 h
List price
CHF 550
View module
Improvement Management
Build disciplined corrective action and continual improvement through root cause analysis, action planning, implementation & effectiveness verification
Duration
7 h
List price
CHF 550
View module
Audit Principles
Apply evidence-based audit reasoning, materiality-focused prioritisation & structured audit test planning
Duration
7 h
List price
CHF 550
View module
Audit Communication & Interviewing
Plan and conduct effective audit interviews, use structured questioning, and guide conversations to obtain reliable audit evidence
Duration
7 h
List price
CHF 550
View module
Audit Reporting & Follow-up
Formulate evidence-based audit findings, structure clear audit reports, and verify the effective closure of agreed actions
Duration
7 h
List price
CHF 550
View module
Audit Programme Management
Design & govern risk-informed audit programmes, decide when audits should be combined or kept separate across standards, harmonise group-level structures, and structure programme-level reporting
Duration
7 h
List price
CHF 550
View module
Supplier Auditing
Plan and conduct supplier audits using contract-based criteria, defined evidence targets & disciplined audit documentation
Duration
7 h
List price
CHF 550
View module
Third-Party Auditing
Navigate accreditation, the certification ecosystem, the audit lifecycle, impartiality boundaries & certification decision interfaces
Duration
7 h
List price
CHF 550
View module
Product Design & Development Control
Control product design and development, produce the required evidence, and manage design changes effectively
Duration
7 h
List price
CHF 550
View module
Service Design & Development Control
Control service design and development, produce required evidence, and manage changes in line with ISO 9001 Clause 8.3
Duration
7 h
List price
CHF 550
View module
Business Continuity Preparedness & Response
Structure continuity plans, define response roles and communications, and design exercises aligned with continuity requirements
Duration
7 h
List price
CHF 550
View module
Environmental Emergency Preparedness & Response
Establish effective arrangements for environmental emergencies through defined response plans, drills & post-incident learning
Duration
7 h
List price
CHF 550
View module
Auditing Context & Scope
Assess whether organisational context, interested parties, scope and system boundaries credibly reflect how the organisation operates
Duration
7 h
List price
CHF 550
View module
Auditing Leadership & Governance
Assess whether leadership commitment, policy direction & governance structures credibly steer the management system
Duration
7 h
List price
CHF 550
View module
Auditing Risk & Opportunity Management
Assess whether risk and opportunity management credibly informs organisational decisions and priorities
Duration
7 h
List price
CHF 550
View module
Auditing Documented Information
Assess whether documented information is fit for use, internally consistent and credible as audit evidence
Duration
7 h
List price
CHF 550
View module
Auditing Objectives & Performance Evaluation
Assess whether objectives and KPIs credibly measure and steer organisational performance
Duration
7 h
List price
CHF 550
View module
Auditing Operational Control
Assess whether operational controls and process interactions work reliably in day-to-day practice
Duration
7 h
List price
CHF 550
View module
Auditing Supplier & Outsourcing Management
Assess whether supplier and outsourced process controls manage risk effectively and achieve intended outcomes across organisational boundaries
Duration
7 h
List price
CHF 550
View module
Auditing Internal Audit & Assurance
Assess whether internal audit and related assurance mechanisms cover risk credibly and provide meaningful assurance
Duration
7 h
List price
CHF 550
View module
Auditing Management Review
Assess whether management review credibly steers organisational priorities, risks & improvement
Duration
7 h
List price
CHF 550
View module
Auditing Improvement Management
Assess whether corrective action addresses nonconformities effectively and whether continual improvement strengthens performance beyond nonconformity response
Duration
7 h
List price
CHF 550
View module
Auditing Customer Requirements & Communication Management
Evaluate whether customer requirements are defined, agreed, controlled and traceable from commitment through delivery in an ISO 9001 QMS
Duration
7 h
List price
CHF 550
View module
Auditing Product & Service Development
Assess controls, validation and effectiveness in product and service design & development against ISO 9001 requirements
Duration
7 h
List price
CHF 550
View module
Auditing Production & Service Provision
Assess whether production & service provision are controlled, monitored and capable of delivering consistent outcomes in an ISO 9001 QMS
Duration
7 h
List price
CHF 550
View module
Auditing Information Security Risk Management
Evaluate asset-threat-vulnerability logic, risk treatment decisions, and traceability to controls and the Statement of Applicability
Duration
7 h
List price
CHF 550
View module
Auditing Information Security Controls
Evaluate control applicability, implementation evidence & common failure patterns across ISO/IEC 27001 Annex A control themes
Duration
7 h
List price
CHF 550
View module
Auditing AI Risk & Impact Management
Evaluate harm, impact & risk reasoning, intended use alignment, and decision traceability in ISO/IEC 42001
Duration
7 h
List price
CHF 550
View module
Auditing AI Lifecycle & Data Governance Controls
Evaluate lifecycle and data governance controls across data sourcing, training, validation, deployment, monitoring, and change in ISO/IEC 42001
Duration
7 h
List price
CHF 550
View module
Auditing Environmental Aspects & Impacts Assessment
Assess whether environmental aspects are identified, significance is judged credibly, and lifecycle perspective is applied in an ISO 14001 EMS
Duration
7 h
List price
CHF 550
View module
Auditing Environmental Operational Control
Assess whether environmental operational controls and emergency preparedness work effectively within an ISO 14001 management system
Duration
7 h
List price
CHF 550
View module
Auditing Business Impact Analysis
Assess whether business impact analyses produce credible recovery priorities and recovery objectives in an ISO 22301 BCMS
Duration
7 h
List price
CHF 550
View module
Auditing Business Continuity Implementation & Readiness
Evaluate whether continuity strategies, operational readiness and exercising provide credible recovery capability in an ISO 22301 BCMS
Duration
7 h
List price
CHF 550
View module
Auditing Privacy Risk & Impact Assessment
Evaluate whether privacy risk assessments and DPIAs produce credible risk understanding and prioritisation in an ISO/IEC 27701 PIMS
Duration
7 h
List price
CHF 550
View module
Auditing Operational Privacy Controls
Evaluate whether privacy controls are implemented effectively and applied consistently across personal data processing activities
Duration
7 h
List price
CHF 550
View module
Objectives & Performance Management
Define & govern management system objectives and KPIs with clarity and consistency
Duration
7 h
List price
CHF 550
View module
Monitoring & Measurement
Design and run monitoring activities and measurement methods to generate reliable performance data for evaluation and improvement
Duration
7 h
List price
CHF 550
View module
Internal Auditing
Plan, perform and use internal audits effectively to support governance and improvement
Duration
7 h
List price
CHF 550
View module
Management Review
Conduct effective management reviews with structured inputs, clear decisions & audit-ready evidence
Duration
7 h
List price
CHF 550
View module
Improvement Management
Build disciplined corrective action and continual improvement through root cause analysis, action planning, implementation & effectiveness verification
Duration
7 h
List price
CHF 550
View module
Audit Principles
Apply evidence-based audit reasoning, materiality-focused prioritisation & structured audit test planning
Duration
7 h
List price
CHF 550
View module
Audit Communication & Interviewing
Plan and conduct effective audit interviews, use structured questioning, and guide conversations to obtain reliable audit evidence
Duration
7 h
List price
CHF 550
View module
Audit Reporting & Follow-up
Formulate evidence-based audit findings, structure clear audit reports, and verify the effective closure of agreed actions
Duration
7 h
List price
CHF 550
View module
Audit Programme Management
Design & govern risk-informed audit programmes, decide when audits should be combined or kept separate across standards, harmonise group-level structures, and structure programme-level reporting
Duration
7 h
List price
CHF 550
View module
Supplier Auditing
Plan and conduct supplier audits using contract-based criteria, defined evidence targets & disciplined audit documentation
Duration
7 h
List price
CHF 550
View module
Third-Party Auditing
Navigate accreditation, the certification ecosystem, the audit lifecycle, impartiality boundaries & certification decision interfaces
Duration
7 h
List price
CHF 550
View module
Product Design & Development Control
Control product design and development, produce the required evidence, and manage design changes effectively
Duration
7 h
List price
CHF 550
View module
Service Design & Development Control
Control service design and development, produce required evidence, and manage changes in line with ISO 9001 Clause 8.3
Duration
7 h
List price
CHF 550
View module
Business Continuity Preparedness & Response
Structure continuity plans, define response roles and communications, and design exercises aligned with continuity requirements
Duration
7 h
List price
CHF 550
View module
Environmental Emergency Preparedness & Response
Establish effective arrangements for environmental emergencies through defined response plans, drills & post-incident learning
Duration
7 h
List price
CHF 550
View module
Auditing Context & Scope
Assess whether organisational context, interested parties, scope and system boundaries credibly reflect how the organisation operates
Duration
7 h
List price
CHF 550
View module
Auditing Leadership & Governance
Assess whether leadership commitment, policy direction & governance structures credibly steer the management system
Duration
7 h
List price
CHF 550
View module
Auditing Risk & Opportunity Management
Assess whether risk and opportunity management credibly informs organisational decisions and priorities
Duration
7 h
List price
CHF 550
View module
Auditing Documented Information
Assess whether documented information is fit for use, internally consistent and credible as audit evidence
Duration
7 h
List price
CHF 550
View module
Auditing Objectives & Performance Evaluation
Assess whether objectives and KPIs credibly measure and steer organisational performance
Duration
7 h
List price
CHF 550
View module
Auditing Operational Control
Assess whether operational controls and process interactions work reliably in day-to-day practice
Duration
7 h
List price
CHF 550
View module
Auditing Supplier & Outsourcing Management
Assess whether supplier and outsourced process controls manage risk effectively and achieve intended outcomes across organisational boundaries
Duration
7 h
List price
CHF 550
View module
Auditing Internal Audit & Assurance
Assess whether internal audit and related assurance mechanisms cover risk credibly and provide meaningful assurance
Duration
7 h
List price
CHF 550
View module
Auditing Management Review
Assess whether management review credibly steers organisational priorities, risks & improvement
Duration
7 h
List price
CHF 550
View module
Auditing Improvement Management
Assess whether corrective action addresses nonconformities effectively and whether continual improvement strengthens performance beyond nonconformity response
Duration
7 h
List price
CHF 550
View module
Auditing Customer Requirements & Communication Management
Evaluate whether customer requirements are defined, agreed, controlled and traceable from commitment through delivery in an ISO 9001 QMS
Duration
7 h
List price
CHF 550
View module
Auditing Product & Service Development
Assess controls, validation and effectiveness in product and service design & development against ISO 9001 requirements
Duration
7 h
List price
CHF 550
View module
Auditing Production & Service Provision
Assess whether production & service provision are controlled, monitored and capable of delivering consistent outcomes in an ISO 9001 QMS
Duration
7 h
List price
CHF 550
View module
Auditing Information Security Risk Management
Evaluate asset-threat-vulnerability logic, risk treatment decisions, and traceability to controls and the Statement of Applicability
Duration
7 h
List price
CHF 550
View module
Auditing Information Security Controls
Evaluate control applicability, implementation evidence & common failure patterns across ISO/IEC 27001 Annex A control themes
Duration
7 h
List price
CHF 550
View module
Auditing AI Risk & Impact Management
Evaluate harm, impact & risk reasoning, intended use alignment, and decision traceability in ISO/IEC 42001
Duration
7 h
List price
CHF 550
View module
Auditing AI Lifecycle & Data Governance Controls
Evaluate lifecycle and data governance controls across data sourcing, training, validation, deployment, monitoring, and change in ISO/IEC 42001
Duration
7 h
List price
CHF 550
View module
Auditing Environmental Aspects & Impacts Assessment
Assess whether environmental aspects are identified, significance is judged credibly, and lifecycle perspective is applied in an ISO 14001 EMS
Duration
7 h
List price
CHF 550
View module
Auditing Environmental Operational Control
Assess whether environmental operational controls and emergency preparedness work effectively within an ISO 14001 management system
Duration
7 h
List price
CHF 550
View module
Auditing Business Impact Analysis
Assess whether business impact analyses produce credible recovery priorities and recovery objectives in an ISO 22301 BCMS
Duration
7 h
List price
CHF 550
View module
Auditing Business Continuity Implementation & Readiness
Evaluate whether continuity strategies, operational readiness and exercising provide credible recovery capability in an ISO 22301 BCMS
Duration
7 h
List price
CHF 550
View module
Auditing Privacy Risk & Impact Assessment
Evaluate whether privacy risk assessments and DPIAs produce credible risk understanding and prioritisation in an ISO/IEC 27701 PIMS
Duration
7 h
List price
CHF 550
View module
Auditing Operational Privacy Controls
Evaluate whether privacy controls are implemented effectively and applied consistently across personal data processing activities
Duration
7 h
List price
CHF 550
View module
Objectives & Performance Management
Define & govern management system objectives and KPIs with clarity and consistency
Duration
7 h
List price
CHF 550
View module
Monitoring & Measurement
Design and run monitoring activities and measurement methods to generate reliable performance data for evaluation and improvement
Duration
7 h
List price
CHF 550
View module
Internal Auditing
Plan, perform and use internal audits effectively to support governance and improvement
Duration
7 h
List price
CHF 550
View module
Management Review
Conduct effective management reviews with structured inputs, clear decisions & audit-ready evidence
Duration
7 h
List price
CHF 550
View module
Improvement Management
Build disciplined corrective action and continual improvement through root cause analysis, action planning, implementation & effectiveness verification
Duration
7 h
List price
CHF 550
View module
Audit Principles
Apply evidence-based audit reasoning, materiality-focused prioritisation & structured audit test planning
Duration
7 h
List price
CHF 550
View module
Audit Communication & Interviewing
Plan and conduct effective audit interviews, use structured questioning, and guide conversations to obtain reliable audit evidence
Duration
7 h
List price
CHF 550
View module
Audit Reporting & Follow-up
Formulate evidence-based audit findings, structure clear audit reports, and verify the effective closure of agreed actions
Duration
7 h
List price
CHF 550
View module
Audit Programme Management
Design & govern risk-informed audit programmes, decide when audits should be combined or kept separate across standards, harmonise group-level structures, and structure programme-level reporting
Duration
7 h
List price
CHF 550
View module
Supplier Auditing
Plan and conduct supplier audits using contract-based criteria, defined evidence targets & disciplined audit documentation
Duration
7 h
List price
CHF 550
View module
Third-Party Auditing
Navigate accreditation, the certification ecosystem, the audit lifecycle, impartiality boundaries & certification decision interfaces
Duration
7 h
List price
CHF 550
View module
Product Design & Development Control
Control product design and development, produce the required evidence, and manage design changes effectively
Duration
7 h
List price
CHF 550
View module
Service Design & Development Control
Control service design and development, produce required evidence, and manage changes in line with ISO 9001 Clause 8.3
Duration
7 h
List price
CHF 550
View module
Business Continuity Preparedness & Response
Structure continuity plans, define response roles and communications, and design exercises aligned with continuity requirements
Duration
7 h
List price
CHF 550
View module
Environmental Emergency Preparedness & Response
Establish effective arrangements for environmental emergencies through defined response plans, drills & post-incident learning
Duration
7 h
List price
CHF 550
View module
Auditing Context & Scope
Assess whether organisational context, interested parties, scope and system boundaries credibly reflect how the organisation operates
Duration
7 h
List price
CHF 550
View module
Auditing Leadership & Governance
Assess whether leadership commitment, policy direction & governance structures credibly steer the management system
Duration
7 h
List price
CHF 550
View module
Auditing Risk & Opportunity Management
Assess whether risk and opportunity management credibly informs organisational decisions and priorities
Duration
7 h
List price
CHF 550
View module
Auditing Documented Information
Assess whether documented information is fit for use, internally consistent and credible as audit evidence
Duration
7 h
List price
CHF 550
View module
Auditing Objectives & Performance Evaluation
Assess whether objectives and KPIs credibly measure and steer organisational performance
Duration
7 h
List price
CHF 550
View module
Auditing Operational Control
Assess whether operational controls and process interactions work reliably in day-to-day practice
Duration
7 h
List price
CHF 550
View module
Auditing Supplier & Outsourcing Management
Assess whether supplier and outsourced process controls manage risk effectively and achieve intended outcomes across organisational boundaries
Duration
7 h
List price
CHF 550
View module
Auditing Internal Audit & Assurance
Assess whether internal audit and related assurance mechanisms cover risk credibly and provide meaningful assurance
Duration
7 h
List price
CHF 550
View module
Auditing Management Review
Assess whether management review credibly steers organisational priorities, risks & improvement
Duration
7 h
List price
CHF 550
View module
Auditing Improvement Management
Assess whether corrective action addresses nonconformities effectively and whether continual improvement strengthens performance beyond nonconformity response
Duration
7 h
List price
CHF 550
View module
Auditing Customer Requirements & Communication Management
Evaluate whether customer requirements are defined, agreed, controlled and traceable from commitment through delivery in an ISO 9001 QMS
Duration
7 h
List price
CHF 550
View module
Auditing Product & Service Development
Assess controls, validation and effectiveness in product and service design & development against ISO 9001 requirements
Duration
7 h
List price
CHF 550
View module
Auditing Production & Service Provision
Assess whether production & service provision are controlled, monitored and capable of delivering consistent outcomes in an ISO 9001 QMS
Duration
7 h
List price
CHF 550
View module
Auditing Information Security Risk Management
Evaluate asset-threat-vulnerability logic, risk treatment decisions, and traceability to controls and the Statement of Applicability
Duration
7 h
List price
CHF 550
View module
Auditing Information Security Controls
Evaluate control applicability, implementation evidence & common failure patterns across ISO/IEC 27001 Annex A control themes
Duration
7 h
List price
CHF 550
View module
Auditing AI Risk & Impact Management
Evaluate harm, impact & risk reasoning, intended use alignment, and decision traceability in ISO/IEC 42001
Duration
7 h
List price
CHF 550
View module
Auditing AI Lifecycle & Data Governance Controls
Evaluate lifecycle and data governance controls across data sourcing, training, validation, deployment, monitoring, and change in ISO/IEC 42001
Duration
7 h
List price
CHF 550
View module
Auditing Environmental Aspects & Impacts Assessment
Assess whether environmental aspects are identified, significance is judged credibly, and lifecycle perspective is applied in an ISO 14001 EMS
Duration
7 h
List price
CHF 550
View module
Auditing Environmental Operational Control
Assess whether environmental operational controls and emergency preparedness work effectively within an ISO 14001 management system
Duration
7 h
List price
CHF 550
View module
Auditing Business Impact Analysis
Assess whether business impact analyses produce credible recovery priorities and recovery objectives in an ISO 22301 BCMS
Duration
7 h
List price
CHF 550
View module
Auditing Business Continuity Implementation & Readiness
Evaluate whether continuity strategies, operational readiness and exercising provide credible recovery capability in an ISO 22301 BCMS
Duration
7 h
List price
CHF 550
View module
Auditing Privacy Risk & Impact Assessment
Evaluate whether privacy risk assessments and DPIAs produce credible risk understanding and prioritisation in an ISO/IEC 27701 PIMS
Duration
7 h
List price
CHF 550
View module
Auditing Operational Privacy Controls
Evaluate whether privacy controls are implemented effectively and applied consistently across personal data processing activities
Duration
7 h
List price
CHF 550
View module
Ready to improve your management systems?
We support continuous improvement by embedding ISO requirements into everyday practice and daily operations.
Ready to improve your management systems?
We support continuous improvement by embedding ISO requirements into everyday practice and daily operations.
Ready to improve your management systems?
We support continuous improvement by embedding ISO requirements into everyday practice and daily operations.