Comment by evaneykelen
1 month ago
Interesting, do you also provide the actual audit for ISO 27001 as part of your service? That’s why I went with Oneleet, but an EU-based solution would be attractive.
1 month ago
No, we don't do audits — and that's intentional. I think there's a conflict of interest when the same company advises you on compliance and then certifies you. Incentives get weird.
The good news: there are plenty of EU-based ISO 27001 audit firms. We can recommend one or two if you need a pointer — we just don't have a formal catalogue or marketplace for that yet (though it's on my list).
So you'd use Humadroid for the preparation - policies, controls, evidence, risks, continuity plans, ISMS workbook - and then bring in an independent auditor for certification.
They also do not carry out the audit themselves (for the same reason) but they do all the legwork for you. Huge benefit imo.
Makes sense. We're working toward making the auditor connection easier on our end too. Not there yet, but it's on the roadmap.