ISO 22340 Auditors

Assurco offers comprehensive auditing services against ISO 22340, the Protective Security standard. Although the standard provides a set of guidelines for an enterprise protective security architecture and framework, our auditors can interpret them as requirements and produce an audit plan against one or more of the security domains considered:

  • security governance;
  • personnel security;
  • information security;
  • cybersecurity;
  • physical security.

In addition, our expert auditors can incorporate clauses from security supplier contracts to ensure they maintain expected service levels.

An ISO 22340 audit programme from Assurco helps your organisation move to security maturity.

ISO 22340 Audit Programme

The Lead Auditor assigned to your organisation will work with you to define the scope of your audit requirement, and subsequently create an audit programme that meets your intended audit objectives.

The standard suits a controls-based audit and can be cross-referenced with ISO 22301 for Business Continuity and ISO 27001 for Information Security.

Our audit programme will look at your broad scope to avoid repetition.

1st Party ISO 22340 Internal Audits

As a business, it is crucial to periodically review your own systems to ensure compliance and identify areas for improvement. Our 1st party internal audits are designed to evaluate the effectiveness of your own business continuity management system, ensuring it aligns with ISO 22340 guidelines. We will assess your processes, documentation, and overall adherence to the standard, providing a clear view of your system’s strengths and areas that require attention.

2nd Party ISO 22340 Supplier Audits

In addition to internal audits, we also offer 2nd party supplier audits to assess the business continuity management practices of your suppliers. By conducting these audits, we help ensure that your supply chain is resilient and aligned with your continuity objectives, as well as the expectations set by ISO 22340. Our experts will assess the practices, controls, and processes implemented by your suppliers, providing you with peace of mind that they meet the necessary requirements.

ISO 22340 Audit Field Work & Audit Report

During the audit fieldwork, we will test the protective security of your organisation, including any associated controls, using risk-based sampling techniques. Any findings will be raised based on the objective evidence sampled, and we’ll be transparent about this during the audit.

Everything is documented within the audit report, including positive observations, which can be presented to leadership and other stakeholders as a measure of the maturity of your protective security. The audit report should always be shared in full.

Find Out More about our ISO 27001 Auditors

Our ISO 27001 Audits are conducted in line with our Auditing Standards and Audit Process.