Business Key Consult
ISO 19011 · Evidence-based · Risk-based · Actionable plan

Internal & GAP audits for ISO 27001, ISO 9001 and related standards

Focused internal and GAP audits: clear criteria, traceable evidence, and a practical improvement plan (ISO 19011 approach).

Standards we cover
  • ISO/IEC 27001:2022 – Information Security Management Systems
  • ISO/IEC 27701 – Privacy Information Management (GDPR readiness)
  • ISO/IEC 27017 – Cloud security controls
  • ISO/IEC 27018 – Protection of PII in public clouds
  • ISO 9001:2015 – Quality Management Systems
Important note

These are internal and GAP audits with a consulting nature and do not represent a certification audit or the activity of a certification body.

What we offer

Our services are structured in line with applicable ISO standards and good auditing practice, to provide an objective, independent assessment and actionable outcomes. After the audit, we deliver clearly documented findings, a conformity assessment, and improvement recommendations—whether your goal is certification readiness, maintaining the management system, or assessing a specific scope.

Why choose Business Key Consult
  • Focused expertise in internal and GAP audits for ISO 27001, related standards and ISO 9001
  • 100% remote audit model – minimal disruption to operations
  • Full confidentiality – NDA is a standard part of the process
  • Fast delivery – full audit pack within 5 business days after the closing meeting
  • Practical recommendations, not a theoretical checklist
  • Hands-on experience with IT, SaaS, BPO, startups, fintech, and corporate environments
  • Experience with EU and non-EU clients, aligned to regulatory and contractual requirements

What we offer

Internal & GAP audit

Independent assessment of your management system and controls, with evidence-based findings, grading, and an improvement plan.

Annual internal audit program

Risk-based annual plan: schedule, scopes, criteria, and coverage across key processes and controls.

Readiness / gap assessment

Fast readiness review: gaps across applicable standards, priorities and next steps.

Useful information on ISO standards, internal audits and gap assessments

In this section you’ll find practical guidance related to management system standards, internal and GAP audits, and good auditing practices aligned with ISO 19011.

ISO/IEC 27001:2022
Information Security Management System (ISMS)

ISO/IEC 27001:2022 is an international standard for establishing, implementing, maintaining and continually improving an Information Security Management System (ISMS).

It helps organisations to:
  • identify and assess information security risks
  • protect confidentiality, integrity and availability of information
  • apply controls aligned to risk
  • demonstrate conformity to customers and partners
Key elements of ISO/IEC 27001:
  • context of the organisation
  • risk assessment and treatment
  • policies and procedures
  • controls (Annex A)
  • monitoring, audit and improvement
ISO 9001:2015
Quality Management System (QMS)

ISO 9001:2015 is an international quality management standard focused on processes, customer satisfaction and continual improvement.

Key benefits include:
  • better defined and managed processes
  • higher efficiency and consistency
  • better control over risks and opportunities
  • improved quality of products and services

The standard is based on a process-oriented and risk-based approach.

ISO/IEC 27701
Privacy Information Management System (PIMS)

ISO/IEC 27701 extends ISO/IEC 27001 and ISO/IEC 27002 with requirements for managing personal data and privacy.

It supports organisations with:
  • personal data management
  • demonstrating alignment with GDPR
  • defining roles and responsibilities
  • implementing privacy protection measures
ISO/IEC 27017
Information security controls for cloud services

ISO/IEC 27017 provides additional control guidance for organisations that provide or use cloud services.

Focus areas include:
  • clear responsibility split between provider and customer
  • data protection in cloud environments
  • incident and change management
ISO/IEC 27018
Protection of PII in public cloud environments

ISO/IEC 27018 focuses on protecting personally identifiable information (PII) in public cloud services.

The standard emphasises:
  • transparency
  • limiting use of data
  • protecting data subject rights
Climate Change Amendment (2024)

An amendment requiring organisations to consider climate change as a potential external issue under clauses 4.1 and 4.2 across management system standards.

How are the standards related?

ISO/IEC 27001 and ISO 9001 can be implemented and audited as an integrated management system, because they share the same core elements:
  • risk management
  • process approach
  • internal audits
  • nonconformity management
  • continual improvement

Internal and GAP audits against these standards are performed in line with ISO 19011.

Frequently asked questions (FAQ)
What is an internal audit?

An internal audit is an independent and objective assessment of a management system, aimed at evaluating conformity and effectiveness.

What is a gap assessment?

A gap assessment identifies differences between an organisation’s current state and the requirements of a given standard, supporting improvement planning.

What is ISO 19011?

ISO 19011 provides guidance for planning, conducting, documenting and reporting audits of management systems.

Share your goal and scope — we’ll return a plan and quote

Whether your goal is certification readiness, an annual internal audit program, or a specific scope, send us your locations, processes and timelines.