JDA Advisory

Audit ISO 27001 ISMS

Audit ISO 27001 ISMS – Ensure the highest level of information security within your company.

Carry out a comprehensive ISO 27001 audit to help identify and eliminate threats to your data – Audit ISO 27001 ISMS

Audit ISO 27001 ISMS – Full compliance with the ISO 27001 standard.

We provide a thorough assessment of security management processes, leading to effective data protection and risk minimisation.

Audit ISO 27001 ISMS – Optimisation of information security systems.

Our analysis enables us to streamline procedures, thereby improving efficiency and resilience.

Audit ISO 27001 ISMS – Support in meeting regulatory requirements.

We help organisations comply with current regulations, thereby strengthening their credibility and market position.

Our ISO 27001 audit services

We offer comprehensive ISO 27001 compliance audit services to help you protect your data and improve your security systems.

Preliminary analysis – GAP

We carry out a detailed assessment of the current security processes within your organisation.

Risk assessment

We identify and analyse potential threats to information security.

Report and recommendations

We provide a detailed report on the results, along with practical advice on how to improve the management system.

How does an ISO 27001 audit work?

We outline the detailed ISO 27001 audit process to help organisations effectively identify and improve their information security practices.

Step one: Preliminary analysis

We begin by assessing existing security systems to determine the current level of compliance with the ISO 27001 standard.

Step two: Conducting an audit

We thoroughly review procedures and processes to identify risks and areas for improvement within the information security management system.

Step three: Report and recommendations

We present a detailed report on the audit findings, along with practical guidance to help you achieve full compliance with the ISO 27001 standard.

ISO 27001:2022

Methodology for conducting ISO 27001 audits

A comprehensive, professional, and ready-to-use methodology for conducting ISO 27001 audits by JDA Advisory.

General principles

The ISO 27001 audit conducted by JDA Advisory is a comprehensive assessment of the information security management system (ISMS), covering compliance with the standard, process maturity, the effectiveness of controls and the actual level of risk. The methodology combines:

  • ISO/IEC 27001:2022 requirements
  • best practices from ENISA, NIST and OWASP
  • sector-specific experience (banking, fintech, insurance, ICT, manufacturing, SaaS)
  • an evidence-based approach, grounded in evidence and measurable indicators

Stages of the ISO 27001 audit

Audit preparation and plan

Objective: to gain a full understanding of the organisation’s context and the scope of the ISMS.

Scope of activities:

  • analysis of preliminary documents (policies, registers, Statement of Approach, risk analysis, process map)
  • identification of critical areas and supporting processes
  • definition of the audit scope (sites, systems, processes, suppliers)
  • Preparation of the Audit Plan:
    • objectives and criteria
    • timetable
    • list of processes and owners
    • required evidence
    • audit methods and techniques

Products:

  • ISO 27001 Audit Plan
  • Evidence Request List
  • Schedule of meetings with process owners

Documentation review (Stage 1)

Objective: to assess the completeness and adequacy of the ISMS documentation.

Scope:

  • information security policy
  • risk analysis and methodology
  • asset registers
  • information classification
  • operational procedures
  • policies on access, cryptography, backup, logging and business continuity

Techniques:

  • gap analysis
  • assessment of the documentation’s compliance with the standard’s requirements
  • assessment of consistency between documents

Products:

  • Documentation Review Report
  • List of non-conformities and areas for improvement
  • Updated list of evidence for the operational audit

Operational audit (Stage 2)

Objective: to assess the actual functioning of the ISMS and the effectiveness of controls.

Scope:

  • interviews with process owners
  • review of operational evidence
  • control tests (sampling)
  • analysis of logs, configurations and incident records
  • process evaluation:
    • incident management
    • change management
    • access management
    • backup and recovery
    • monitoring and logging
    • supplier management
    • business continuity

Techniques:

  • compliance testing
  • performance testing
  • residual risk analysis
  • process maturity assessment (CMMI-like)

Products:

  • Inspection test results
  • List of non-conformities (NC)
  • List of observations (OBS)
  • List of recommendations (REC)

Risk analysis and SoA verification

Objective: to assess whether the organisation properly identifies, assesses and manages risks.

Scope:

  • review of the risk analysis methodology
  • assessment of the risk register
  • assessment of the adequacy of controls in relation to risks
  • SoA verification:
    • completeness
    • justification
    • implementation status
    • link to risks

Products:

  • SoA verification with recommendations
  • Risk assessment report
  • Updated risk map

Final report and closing session

Objective: to present the audit findings and recommendations.

Scope:

  • presentation of findings to management
  • discussion of non-compliance issues and areas of risk
  • prioritisation of corrective actions
  • strategic and operational recommendations
  • roadmap to full compliance

Products:

  • Compliance and Risk Dashboard
  • ISO 27001 Audit Report
  • NC/OBS/REC Matrix
  • 3–12-month Roadmap

Audit techniques used by JDA Advisory

  • documentation review
  • interviews and workshops
  • control testing (design & operating effectiveness)
  • log and configuration analysis
  • evidence sampling
  • risk analysis
  • process maturity assessment
  • incident and problem analysis
  • review of changes and implementations
  • analysis of compliance with sector-specific requirements (DORA, NIS2, KNF, EBA, ENISA)

Key deliverables provided to the client

  • Updated risk analysis (optional)
  • Audit Plan
  • List of evidence
  • Stage 1 Report
  • Stage 2 Report
  • List of NC/OBS/REC
  • Compliance dashboard
  • Compliance roadmap
  • Updated SoA (optional)

Key features of the JDA Advisory methodology

  • executive-ready communication
  • granularity and evidence-based approach – every conclusion backed by concrete evidence
  • sector-specific approach – banking, fintech, insurance, ICT, SaaS, manufacturing
  • mapping to DORA, NIS2, KNF, EBA
  • dashboards and KPIs/KRIs for management boards
  • practical recommendations, not theoretical advice
  • minimising the client’s workload – a precise list of evidence, clear instructions
ISO 27001 Checlist

Zabezpiecz swoją firmę dzięki audytowi ISO 27001.

Skorzystaj z naszej ekspertyzy, aby skutecznie wdrożyć normę ISO 27001 i zwiększyć bezpieczeństwo informacji w Twojej organizacji. Sprawdź, jak możemy pomóc Ci spełnić wymagania i poprawić procesy zarządzania bezpieczeństwem danych.

Contact – JDA Advisory