ISO 27001 Certification · The auditor

Working with your auditor. Two roles, one relationship worth getting right.

Two parties will audit your information security management system, one internal and one external. You have more influence over how those audits go than you might think, and almost all of it is decided when you choose who to work with. Here is how to pick an auditor you can build a relationship with.

Choosing your auditor

The size of the certification body changes the experience.

You have far more influence over how your audits go than you might think, and most of it is decided at the point you choose. A long-term relationship with one auditor who knows your history means earlier decisions can be revisited quickly, less has to be re-explained, and every session is worth more.

Large certification firm

You are a number

Internal departments assign auditors and reshuffle them when someone is unavailable.

Over a three-year cycle you may sit with different auditors for the same topic, and start over explaining your context each time.

Recommended

Small, owner-led body

You build a relationship

A handful of auditors, often led by the owner, who takes genuine pride in the work.

One person gets to know your history, can build on earlier findings, and makes each audit a conversation of real value rather than a fresh start.

What to look for when you choose.

Local to you: the same language, culture, and way of working.

Small enough that you deal with one auditor, not a rotating roster.

Genuine interest in your business, not a box-ticking pass.

Continuity across the three-year cycle, so findings build on each other.

A working style you can be open with, because candour is what makes an audit useful.

Treat your auditor as a partner, not an examiner.

Do not be intimidated. The best auditors want to think alongside you and help your situation improve. Approach the relationship in a connective way, not a defensive or adversarial one.

Brief everyone who will be interviewed so they know what to expect. Most audit anxiety comes from a misread of what the meeting is. When people understand it is a conversation about their work, the whole audit goes better.

Where we fit

We help you prepare and choose. We are not a middleman.

Finding your auditor is your work

And that is deliberate. The value sits in the direct relationship between you and your auditor. A preferred supplier sitting in between would only weaken the very relationship that makes audits worthwhile.

What the agent does instead

It gets your risk register, documentation, and evidence audit-ready, so nothing is missing and everything is demonstrable. The work is already real before the auditor arrives. That is what makes every audit straightforward.

The audit is easier when the work is already real.

Choose your auditor well, and let the Askara Solutions agent get your risk program and documentation audit-ready. By the time the auditor sits down with you, there is nothing to scramble for.
