Book FREE Consultation

URM is pleased to provide a FREE 30 minute consultation on Transitioning to ISO 27001:2022 for any UK-based organisation. Once an enquiry form has been submitted, we will be in touch to understand the nature of your enquiry and to book a mutually convenient time for a 30-minute consultation slot with one of URM’s specialists.

Outsourced Auditing Services

Flexible range of audit services from planning and implementing to conducting individual audits

Outsourced Auditing Services

Internal auditing plays a critical role in ensuring that your organisation’s management system (including policies, processes, procedures and controls) is operating effectively.  A significant challenge for many organisations is a lack of sufficiently competent resources or those with sufficient impartiality to cover all auditing needs.  One solution is to outsource your internal auditing process.  Naturally, if you are involved in outsourcing audits, you need to ensure that both the conduct of the audit and the output from the audit will be fit for purpose and will fully meet your expectations and the requirements of your various interested parties.  This is where URM can assist.  We have extensive audit experience and competency and can offer a flexible range of audit services.

We are able to provide you with both full audit programme support or simply conduct individual audits against key management system standards, as well as processes or specific controls from standards such as ISO 27001 (Information Security), ISO 22301, (Business Continuity), ISO 20000 (IT Service Management) and ISO 9001 (Quality).

Full Audit Programme Support

With our full audit programme support, URM can help you develop your audit methodology and schedule for all your internal audits.


Our established and proven audit methodology is based on analysing your requirements and ensuring that audit results are accurate and repeatable and will take into account factors such as conducting interviews, reviewing documentation e.g., policies and processes, inspecting records (e.g., logs and registers) and sampling (e.g., type and scale).


When helping you develop your audit schedule, URM will build it around your specific requirements.  For example, if it is part of an ISO 27001 certification programme, we will plan to ensure all clauses and controls are assessed over the 3-year cycle.  At the same time, audits may be prioritised based on a series of factors including risk assessment findings, incidents, previous audit findings, or legal, regulatory or contractual requirements.


Having discussed and agreed the audit schedule, URM’s auditors will discuss the management and reporting of audits.  Here, we will discuss the format of audit reports and how findings will be classified, how corrective actions will be tracked and how audit reports will be followed up.  Details and competencies of the audit team will be provided.  


In preparation for the actual audits, URM will define audit objectives, scope and criteria (clauses and/or controls from ISO 27001 and or organisational policies/processes), as well as agreeing logistics, e.g., who will be interviewed and when.


In terms of post-audit reports, URM will provide a detailed summary of processes and activities audited, clauses and controls evidenced and documents and records seen, along with findings (nonconformities and opportunities for improvement).


As your outsourced audit partner, URM can help you not just with your internal audits, but also with auditing your key suppliers.  Supplier audits are often overlooked, but with the advent of cloud services and the increasing number of cloud-based products and services on offer to organisations, third-party reliance is likely to further increase in the future.

URM is able to assist in assessing whether the services you are receiving from your third parties meet all of your expectations from an information security, data protection , business continuity or quality perspective.  URM’s Supplier Risk Management Tool, Abriska 27036, can play a valuable role in prioritising your various suppliers and partners.

Get in touch

Please note, we can only process business email addresses.

Why URM?

Audit and subject matter specialists

URM’s expertise incorporates a combination of auditing skills (e.g., CISA and PCI QSA qualifications), knowledge of standards (e.g., ISO 27001, ISO 22301, ISO 9001 and PCI-DSS), IT technical knowledge (e.g., databases, networking, operating systems and applications) and the interpersonal skills necessary to extract the maximum information from interviewees.  URM guarantees that the competence requirements from Clause 7.2 of ISO 27001, 22301 and 9001 will be met in respect of its auditing services.

ISO certification specialists

When conducting internal audits for those organisations certified to ISO 27001/22301/9001 etc, URM is hugely experienced in understanding the assessment requirements of certification bodies.  This has been gained through assisting hundreds of organisations achieve certifications, sitting in on many of the assessments, as well as the fact a number of URM’s auditors are ex-certification body assessors.  As such, when conducting internal audits, we will ensure the same reporting approach to nonconformities etc will be adopted.  It is also guaranteed that all of the mandatory internal audit requirements from Clause 9.2, along with the control requirements from ISO 27001 will be satisfied if the whole of your internal audit programme is outsourced to URM.

Flexible and pragmatic

URM can offer your organisation a flexible range of audit services from planning and implementing a full 3 year’ ISO 27001 audit programme, to conducting individual audits against any aspect of the ISMS or any specific controls.  Our auditors are also able to apply a pragmatic business-based approach to audit requirements.

Information Security FAQISO 27001 FAQ

Common Pitfalls Identified in Organisations Seeking ISO 27001 Certification

Published on

URM’s blog discusses the common pitfalls of the ISO 27001 implementation and certification process, and how you can avoid making the same mistakes.

Read more
Thumbnail of the Blog Illustration
Information Security
Published on
Planning Your ISO 27001 Audit Programme

URM’s blog drills down into ISO 27001 audits, offering advice on how to effectively develop and implement an ISO 27001 conformant audit programme.

Read more
Thumbnail of the Blog Illustration
Information Security
Published on
How to Meet the ISO 27001 Requirements Around Interested Parties

URM’s blog provides advice and guidance on how you can meet the ISO 27001 requirements around interested parties and their needs and expectations.

Read more
Thumbnail of the Blog Illustration
Information Security
Published on
Lessons Learnt from Early ISO 27001:2022 Transitions

URM’s blog, produced in collaboration with BSI, discusses common mistakes we have seen in early ISO 27001:2022 transitions, and how to avoid them.

Read more
Without URM, Havas People would not of achieved its certification goals.
Director, Havas People
contact US

Let us help you

Let us help you in your compliance journey by completing the form and letting us know how we can best support you.