Gap Assessments
Structured analysis of your current controls against ISO 27001, 42001, 27701, or Essential Eight requirements. You get a clear picture of where you stand and what needs to change before certification.
Expert guidance from gap assessment through to certification readiness — controls designed for your business, not generic templates.
ISO compliance isn't a checklist exercise — it's genuine risk management. Whether you're starting from scratch or halfway through implementation and stuck, I work alongside your team to build controls that actually function in your environment.
With 26 years in IT infrastructure, I understand the gap between what auditors want to see and what's actually achievable for a business your size. I bridge that gap — keeping you compliant without creating unnecessary overhead.
"Your security framework should support your business, not slow it down."
Every engagement is scoped to your situation. Below is the full range of services available under pre-audit consulting.
Planning and roadmap support for building your Information Security Management System. I help you sequence implementation practically, aligning controls with your operational reality and resourcing.
Controls built for your specific environment — balancing compliance requirements with business feasibility. No copy-paste templates that don't fit how your organisation actually operates.
Guidance on the policies, procedures, and records your ISMS needs. I help you create documentation that actually reflects how you work — not just what an auditor wants to see on paper.
A structured readiness review before your certification audit — identifying remaining gaps, confirming evidence is in order, and giving your team confidence going into the assessment.
Executive-level translation of risk and compliance status. Helping leadership understand their obligations, make informed decisions, and be prepared for management review discussions during audits.
Structured in three phases — though every engagement is tailored to where you're starting from.
Discovery session to understand your environment, existing controls, and certification timeline. Gap assessment against your target standard. Prioritised implementation roadmap.
Hands-on guidance as you build and deploy controls. Documentation review, control design support, and ongoing advisory as questions arise. Practical, not theoretical.
Final readiness review before your certification audit. Evidence check, gap identification, management review preparation. You go into your audit knowing where you stand.
The world's leading information security management standard. Gap assessments, ISMS design, Annex A control implementation, and pre-audit readiness for certification.
The international standard for AI governance and responsible AI management. Implementation consulting for organisations developing, deploying, or using AI systems.
Privacy extension to ISO 27001 covering GDPR and Australian Privacy Act alignment. Implementation support for organisations managing personal information at scale.
ASD's Essential Eight Maturity Model. Practical maturity assessments and remediation planning for organisations working toward government or procurement compliance requirements.
Important — Auditor Independence: If I provide pre-audit consulting for your organisation, I cannot then conduct your certification audit. ISO standards require auditors to be independent of the organisations they certify. This keeps your certification credible and protects you. I'll refer you to a suitable certification body when you're ready.
Whether you're starting from zero or need a pre-audit check before certification — let's talk about where you are and what it'll take to get audit-ready.