Comment by mlitwiniuk
1 month ago
No, we don't do audits — and that's intentional. I think there's a conflict of interest when the same company advises you on compliance and then certifies you. Incentives get weird.
The good news: there are plenty of EU-based ISO 27001 audit firms. We can recommend one or two if you need a pointer — we just don't have a formal catalogue or marketplace for that yet (though it's on my list).
So you'd use Humadroid for the preparation - policies, controls, evidence, risks, continuity plans, ISMS workbook - and then bring in an independent auditor for certification.
They also do not carry out the audit themselves (for the same reason) but they do all the legwork for you. Huge benefit imo.
Makes sense. We're working toward making the auditor connection easier on our end too. Not there yet, but it's on the roadmap.
Great, I’ll keep an eye on you guys.