Build · Audit readiness
Audits go badly when the evidence is scattered, the controls were never rehearsed against the actual criteria, and the team meets the assessor's questions for the first time in the room. We assemble the evidence, map it to every control, rehearse the program against the published criteria of your standard, and close the gaps before the assessor arrives, so the audit is a confirmation, not a discovery.
Scope agreed in writing before any work. No obligation.
ISO 27001, SOC 2, or a sector assessment is booked, and you want to walk in ready rather than hope. The preparation turns a deadline into a plan.
You have never been through this assessment and do not know what the assessor will actually ask or want to see. You need someone who has sat on both sides to prepare you.
Last time produced nonconformities, scrambling, and surprises. You want this one to be calm because the gaps were found and closed beforehand, on your timeline.
The method
We gather the evidence and map it to each control the standard requires, so there are no blanks when the assessor asks. The work is knowing what proof each control needs and having it in the right shape before the day.
The program is walked through against the actual, published criteria of your standard, not a generic checklist, so the questions the assessor will ask are the questions you have already answered. Surprises in the room are a preparation failure.
Where the rehearsal finds a gap, it is closed on your timeline rather than written up as a nonconformity on theirs. Finding it first is the entire point.
We prepare you and stand beside you through the audit, but we are never your assessor. The certificate or attestation is issued by an independent body, which is exactly what makes it worth holding.
What you are commissioning
One named engagement from the Build track backs this page. Scope is sized to the standard and the audit date, and agreed in writing before any work begins.
Build trackTypically 4–8 weeks
Walk into the assessment ready.
Best for teams with an audit date on the calendar.
Includes
Deliverables
The bright line
A firm that prepares your audit and also certifies it has compromised the assurance you are paying for. We hold that line on purpose.
Questions
Most commonly ISO 27001 and SOC 2, and sector or regional assessments where they apply. We prepare against the actual published criteria of the standard in scope, so the rehearsal reflects what your assessor will genuinely test.
A walk-through of your program against the assessor's criteria, control by control, as if it were the audit, so gaps surface while there is still time to close them. It ends in a go or no-go view, an honest read on whether you are ready or whether the date should move.
No, and that is deliberate. Certification must come from an accredited, independent body; a firm that prepares you and then judges you would compromise the assurance. We prepare you and stand beside you through the audit, no further.
A compliance readiness assessment, earlier in the lifecycle, measures the distance to certification. Audit preparation is the final push: assembling and rehearsing the evidence in the run-up to a booked assessment. Many teams do the first early and this just before the audit.
An assessor-ready evidence pack, the rehearsal findings, and a go or no-go readiness view, so you enter the assessment with the evidence in hand and no surprises waiting.
One conversation, then the scope and the price in writing. Your enquiry arrives already marked for audit preparation.