IT Auditors in the United Kingdom

Amethyst Risk Management

London11-50 employees

Amethyst Risk Management is an NCSC assured provider delivering cyber security audit and review services. They specialise in assessing organisations against the NCSC Cyber Assessment Framework for government and critical infrastructure sectors.

Brand Compliance

Antwerpen11-50 employees

RvA-geaccrediteerde certificatie-instelling met kantoor in Antwerpen, gespecialiseerd in ISO- en NEN-certificeringen. Erkend door het CCB voor CyberFundamentals-verificatie en ISO 27001-certificering onder NIS2.

Centre for Assessment

Warrington11-50 employees

Centre for Assessment is a UK-based certification and assurance body providing SOC 2 assurance reports and ISAE 3000 certification. They offer accessible and proportionate assurance services for organisations of all sizes.

Complyport

London11-50 employees

Complyport is a specialist compliance and IT audit firm focused on FCA and PRA regulated financial services firms. They deliver IT and cybersecurity audits, IT audit plans, and cyber risk assessments tailored to the regulatory requirements of the UK financial sector.

Consilium Labs

London11-50 employees

Consilium Labs is a global specialist IT audit firm providing SOC 1/2/3, ISAE 3402, ISAE 3000, ISO 27001 and CSA STAR audits. They focus on cloud security assurance and help technology organisations demonstrate trust to their customers.

ITGRC Advisory

London11-50 employees

ITGRC Advisory (known as The SOC 2) is a UK-based specialist firm focused on SOC and ISAE assurance engagements. They provide SOC 1, SOC 2, SOC 2+, SOC 3, ISAE 3402 and ISAE 3000 audits and attestation services for technology and service organisations.

Securance

Utrecht11-50 employees

Gespecialiseerd IT-audit- en cybersecuritybedrijf dat meer dan 800 organisaties bedient met een Single Audit, Multiple Standards aanpak. Combineert SOC, ISAE 3402, ISO 27001, NIS2 en DORA in één gestroomlijnd auditproces.

Bridewell

London51-200 employees

Bridewell is a leading UK cyber security firm holding the most NCSC assured service categories of any provider. They deliver NCSC assured Audit & Review, Risk Assessment, Risk Management, CAF assessments and GovAssure services for government and critical national infrastructure.

GRC Solutions

Ely51-200 employees

GRC Solutions (formerly IT Governance Ltd) is a leading UK-based IT governance, risk and compliance provider. As an NCSC Assured consultancy, they offer IT audit, SOC 2 preparation, ISO 27001 audit, cyber security audit and review services.

Henderson Loggie

Glasgow51-200 employees

Henderson Loggie is a leading Scottish accountancy firm offering specialist IT audit services including ISAE 3402 Type I & II reporting, IT internal audit, cybersecurity and digital resilience assessments, and UK GDPR compliance audits. With deep expertise in the Scottish market, they provide comprehensive assurance services to organisations across the UK.

Prescient Security

London51-200 employees

Prescient Security is a global IT audit and compliance firm with senior auditors across EMEA. They deliver SOC 1, SOC 2, SOC 3, ISO 27001, PCI DSS, HITRUST, and FedRAMP audits, and hold CREST accreditation for penetration testing services.

A-LIGN

London201-500 employees

A-LIGN is a compliance and security audit firm with a London office, specialising in SOC 2, ISO 27001, HITRUST, PCI DSS and FedRAMP audits. They serve technology companies seeking streamlined compliance across multiple frameworks.

Baker Tilly UK

London201-500 employees

Baker Tilly UK provides IT advisory and IT audit support for financial audit engagements, along with assurance reporting services.

Coalfire

London201-500 employees

Coalfire is a global cybersecurity advisory and audit firm with European offices serving UK clients. They provide SOC 1/2/3, ISAE 3402, ISO 27001, PCI DSS, FedRAMP and HITRUST audits, with deep expertise in cloud security assurance.

Crowe UK

London201-500 employees

Crowe UK provides IT audit, technology risk, SOC 1/2 reporting, IT internal audit and ITGC testing services. Part of the global Crowe network, their UK practice combines international methodology with local expertise for effective IT assurance engagements.

MHA

London201-500 employees

MHA (formerly MacIntyre Hudson) provides IT audit and technology risk assurance services, including AIM audit services. Their team helps mid-market organisations manage technology risks and meet regulatory requirements.

Moore Kingston Smith

London201-500 employees

Moore Kingston Smith offers SOC reporting and IT audit services with a focus on technology companies. Their dedicated technology sector team understands the specific assurance needs of SaaS, fintech and digital businesses.

PKF Littlejohn

London201-500 employees

PKF Littlejohn provides IT audit as part of statutory and financial audit engagements, with particular strength in technology assurance for AIM-listed companies.

Protiviti UK

London201-500 employees

Protiviti UK offers internal IT audit, technology risk consulting, SOX ITGC testing and co-sourced/outsourced IT audit services. Their team provides flexible IT audit solutions for organisations seeking to strengthen their technology risk management.

Saffery

London201-500 employees

Saffery provides risk assurance services including technology risk assessments. Their team supports clients across private wealth, charities and owner-managed businesses with practical risk management solutions.

Schellman

London201-500 employees

Schellman is a global IT audit and compliance firm serving UK clients with SOC 1/2, ISO 27001, PCI DSS, HITRUST, FedRAMP and SOX ITGC testing services. Known for their deep technical expertise and efficient audit processes.

BDO UK

London500+ employees

BDO UK provides IT audit, assurance and certification services including SOX 404, ISAE 3402, SOC 2, PCI DSS and data privacy audits. Their dedicated technology risk team serves financial services, technology and public sector clients across the UK.

BSI Group

London500+ employees

BSI Group is a UK-headquartered global certification body providing ISO 27001, ISO 22301, ISO 20000, ISO 9001 and Cyber Essentials certification audits. As one of the world's leading standards organisations, BSI offers comprehensive management system certification.

Bureau Veritas UK

London500+ employees

Bureau Veritas UK provides ISO 27001 certification, cybersecurity audits and SOC 2 audit services. Part of the global Bureau Veritas group, they deliver testing, inspection and certification services across information security and cyber resilience domains.

Deloitte UK

London500+ employees

Deloitte UK delivers IT audit and assurance, third party assurance (ISAE 3402, SOC 1/2/3), and controls assurance services. With one of the largest technology risk practices in the UK, Deloitte supports organisations in managing complex IT risk and compliance requirements.

DNV UK

London500+ employees

DNV UK provides ISO 27001 certification, IT audit and information security assessments. As one of the world's largest certification bodies, DNV offers independent assessment and certification services for organisations seeking internationally recognised standards.

EY UK

London500+ employees

EY UK provides technology risk, IT audit, SOC reporting and cybersecurity assurance services. EY is a globally recognised auditor for cloud service providers and helps organisations navigate complex regulatory requirements across financial services, technology and public sectors.

Forvis Mazars UK

London500+ employees

Forvis Mazars UK offers a comprehensive IT assurance and advisory practice including ISAE 3402/SOC 1, SOC 2/3, ISAE 3000, cyber security assessments, IT internal audit and IT due diligence.

Grant Thornton UK

London500+ employees

Grant Thornton UK delivers technology risk services, IT audit, cybersecurity assessments and ISAE 3402 reporting. As a leading mid-market advisory firm, Grant Thornton provides tailored IT assurance solutions for growing businesses and public interest entities.

KPMG UK

London500+ employees

KPMG UK offers technology risk management, IT audit and ISAE 3402/SOC reporting services. Their dedicated technology risk team provides assurance over IT general controls, application controls and emerging technology risks for organisations of all sizes.

Kroll

London500+ employees

Kroll is a global risk advisory firm providing cybersecurity audits, cyber risk assessments, and CREST accredited penetration testing. Their team includes CISA-certified auditors delivering comprehensive IT audit and assurance services across the UK and globally.

LRQA

London500+ employees

LRQA (formerly Lloyd's Register Quality Assurance) is a UK-headquartered certification body providing ISO 27001 certification, cybersecurity audits, internal audits and pre-assessment audits. Their global network of assessors delivers certification services across all industries.

NCC Group

Manchester500+ employees

NCC Group is a global cyber security and resilience firm listed on the London Stock Exchange. They provide NCSC assured services, cyber resilience audits, cybersecurity assessments and penetration testing services for organisations across all sectors.

PwC UK

London500+ employees

PwC UK provides comprehensive technology risk assurance, IT audit and advisory services. As one of the Big Four professional services firms, PwC offers deep expertise in ISAE 3402/SOC reporting, ISO 27001 implementation and audit, and cybersecurity assurance for organisations across all sectors.

RSM UK

London500+ employees

RSM UK provides technology risk assurance, IT audit, SOC reporting and IT internal audit services. As one of the largest advisory firms in the UK, RSM offers pragmatic IT assurance solutions tailored to mid-market and growing organisations.

SGS UK

London500+ employees

SGS UK provides ISO 27001 certification audits and information security management assessments. As the world's leading testing, inspection and certification company, SGS delivers trusted certification services for organisations seeking ISO compliance.