mlitwiniuk | 1 month ago

No, we don't do audits — and that's intentional. I think there's a conflict of interest when the same company advises you on compliance and then certifies you. Incentives get weird.

The good news: there are plenty of EU-based ISO 27001 audit firms. We can recommend one or two if you need a pointer — we just don't have a formal catalogue or marketplace for that yet (though it's on my list).

So you'd use Humadroid for the preparation - policies, controls, evidence, risks, continuity plans, ISMS workbook - and then bring in an independent auditor for certification.

evaneykelen | 1 month ago

They also do not carry out the audit themselves (for the same reason), but they do all the legwork for you. Huge benefit imo.

mlitwiniuk | 1 month ago

Makes sense. We're working toward making the auditor connection easier on our end too. Not there yet, but it's on the roadmap.