IT Audit Services
37 services available in the United Kingdom
Assurance & SOC
ISAE 3402 (Type I & II)
Assurance reporting on the design (Type I) and operating effectiveness (Type II) of internal controls at service organisations, relevant to clients' financial reporting.
14 Auditors available
SOC 1 (Type I & II)
Independent assessment of internal controls at service organisations that affect user entities' financial reporting, in accordance with SSAE 18.
14 Auditors available
SOC 2 (Type I & II)
Assessment of the design (Type I) and operating effectiveness (Type II) of security, availability, processing integrity, confidentiality and privacy per the Trust Service Criteria.
20 Auditors available
SOC 3
Publicly available assurance report on the Trust Service Criteria, suitable for general use without confidentiality restrictions. Ideal for marketing and transparency.
6 Auditors available
ISAE 3000
Broad assurance standard for non-financial information. Used for sustainability reporting, compliance statements and other assurance engagements outside the financial audit.
5 Auditors available
ISO Certification
ISO 27001 Certification
Audit and certification of your Information Security Management System (ISMS) against the international ISO/IEC 27001 standard for information security.
15 Auditors available
ISO 27701 (Privacy)
Extension to ISO 27001 focused on privacy information management (PIMS). Helps organisations demonstrate GDPR compliance through a certified management system.
1 Auditor available
ISO 22301 (Business Continuity)
Certification of your Business Continuity Management System (BCMS) against ISO 22301. Ensures continuity of critical business processes during disruptions.
5 Auditors available
ISO 9001 (Quality)
Audit and certification of your quality management system against ISO 9001. The world's most widely recognised standard for quality management.
6 Auditors available
ISO 20000 (IT Service Management)
Certification audit of your IT Service Management System against ISO/IEC 20000. The international standard for delivering quality IT services.
1 Auditor available
ISO 42001 (AI Management)
Certification of your AI Management System against ISO/IEC 42001. The first international standard for responsible management of artificial intelligence systems.
0 Auditors available
Privacy & Compliance
UK GDPR / Data Protection Audit
Assessment of your organisation's compliance with the UK GDPR and Data Protection Act 2018, including records of processing, DPIAs and data subject rights. Covers UK-specific provisions including the Data (Use and Access) Act amendments.
3 Auditors available
Cyber Security & Resilience Bill Audit
Assessment of your organisation's compliance with the UK Cyber Security & Resilience Bill, amending the NIS Regulations 2018. Covers expanded scope including managed service providers, data centres and critical suppliers, with 24-hour incident notification requirements.
0 Auditors available
Government & Sector
NHS DSPT Audit
Mandatory annual assessment for all organisations accessing NHS patient data or systems. Aligned with the NCSC Cyber Assessment Framework (CAF), covering 10 data security standards. Requires independent audit for larger NHS bodies.
0 Auditors available
NCSC Cyber Assessment Framework (CAF)
Assessment against the UK Government's framework for evaluating cyber security of organisations operating essential services and critical national infrastructure. Underpins GovAssure and the Cyber Security & Resilience Bill.
4 Auditors available
GovAssure
The UK Government's cyber security assurance scheme requiring central government departments to assess critical systems against NCSC CAF profiles, including mandatory third-party assessment.
1 Auditor available
FCA/PRA Operational Resilience
Assessment of operational resilience for UK financial services firms, covering identification of Important Business Services, Impact Tolerances, and scenario testing. Mandatory framework enforced by the FCA and PRA.
1 Auditor available
Telecommunications Security Act Audit
Compliance audit against the UK Telecommunications (Security) Act 2021 and Ofcom's Security Code of Practice. Covers 258 security measures for public telecoms providers. Non-compliance penalties up to 10% of turnover.
0 Auditors available
Other Compliance
SWIFT CSP Assessment
Independent assessment of your SWIFT environment against the Customer Security Programme (CSP). Mandatory for all organisations using SWIFT for financial transactions.
0 Auditors available
SOX / ITGC
Assessment of IT General Controls for Sarbanes-Oxley compliance, including change management, access controls and IT operations.
13 Auditors available
PCI DSS Audits
Audit and certification against the Payment Card Industry Data Security Standard for organisations processing cardholder data.
5 Auditors available
TISAX (Automotive)
Information security assessment under TISAX (Trusted Information Security Assessment Exchange) for the automotive sector. Required by OEMs and Tier-1 suppliers in the supply chain.
0 Auditors available
HITRUST CSF Certification
Certification against the HITRUST Common Security Framework (CSF), a comprehensive framework integrating ISO 27001, NIST, PCI DSS and HIPAA. Widely required by healthcare and cloud service organisations, especially for US market access.
4 Auditors available
CSA STAR Certification
Cloud Security Alliance STAR (Security, Trust, Assurance and Risk) certification for cloud service providers. Assesses security based on the Cloud Controls Matrix (CCM). Available as Self-Assessment (Level 1), Third-Party Audit (Level 2) or Continuous Monitoring (Level 3).
1 Auditor available
Security
Penetration Testing & Ethical Hacking
Conducting controlled cyber attacks to identify vulnerabilities in your IT infrastructure, applications and networks.
3 Auditors available
Cyber Essentials / Cyber Essentials Plus
UK Government-backed baseline cyber security certification scheme. Cyber Essentials is a self-assessed questionnaire; Cyber Essentials Plus adds hands-on technical verification. Mandatory for UK government contracts handling personal data.
2 Auditors available
IASME Cyber Assurance
Comprehensive information security standard building on Cyber Essentials, closely mapped to ISO 27001 but designed to be affordable for SMEs. Includes GDPR privacy controls. Available as Level 1 (verified) or Level 2 (full audit).
0 Auditors available
CREST Penetration Testing
Penetration testing performed by a CREST-accredited company. CREST is the de facto industry standard for penetration testing accreditation in the UK, increasingly required for public sector and financial services contracts.
4 Auditors available
CHECK Penetration Testing
NCSC-approved penetration testing scheme for UK public sector systems and Critical National Infrastructure. Mandatory for testing systems handling data classified as OFFICIAL or higher. Providers undergo strict NCSC approval.
1 Auditor available
CBEST Threat-Led Penetration Testing
Bank of England scheme for intelligence-led penetration testing of UK financial institutions. Uses bespoke threat intelligence to simulate sophisticated, targeted cyber attacks against people, processes and technology.
0 Auditors available
Cloud Security Audits
Security audits of your cloud infrastructure (AWS, Azure, GCP) including configuration reviews, IAM policies and data protection.
1 Auditor available
Cybersecurity Audits
Comprehensive assessment of your cyber security measures, including network, endpoint and application security.
26 Auditors available
IEC 62443 / OT Security Audit
Security audit of industrial automation and control systems (OT/SCADA/ICS) against the IEC 62443 standard. Essential for manufacturing, energy and critical infrastructure.
0 Auditors available
Risk
IT Risk Assessments
Identification, analysis and assessment of IT risks within your organisation, with recommendations for risk management.
17 Auditors available
Third-Party / Vendor Risk Audits
Assessment of risks associated with third parties and suppliers, including due diligence and continuous monitoring.
1 Auditor available
IT Internal Audit (outsourced/co-sourced)
Fully outsourced or co-sourced IT internal audit services. An external IT audit team executes your internal audit plan, including ITGC testing, technology risk assessments and reporting to the audit committee.
12 Auditors available