How to help your auditor fall in love with your ISMS


Did you watch “Blind Date” back in the day? It was the Eighties’ answer to “First Dates”. Its host, Cilla Black, always promised everyone on the show “a lorra, lorra laughs”. Then she’d get busy matchmaking couples from her contestants to make those laughs happen.

She could have been talking about ISO 27001 audits. OK, they won’t be a laugh-a-minute affair, and it’s a safe bet there won’t be any actual romance, but they should be a friendly, productive, perhaps even enjoyable meeting of minds.

Here are our seven top tips for making the most of your ISO 27001 dating certification experience.

First impressions really matter

Ever dressed yourself up to make the best possible impression? It’s worth sharpening up for your ISO 27001 audit too. Auditors see many ISMSs. Most are made up of bland, forgettable, interchangeable documents. We hate to say it, but they’re usually pretty boring.

So, think about polishing up your ISMS. Bring its brilliance to visual life with compelling, practical diagrams, images and other design elements. Your auditor will get to grips with it much more quickly, and those visuals will help your users understand and comply with it too.

But don’t worry about flowers or chocolates. Auditors have to be impartial, so can’t accept gifts. All it takes to win them over is an excellent ISMS. They love ones built on platforms like ours, with its delightful user interface, rich, deep content and attractively open transparency.

Don’t dress too far up or down

When you’re the one arranging a first date, it’s best to let your new love know where you’re taking them. That way they don’t end up in black tie down the pub, or in jeans and a T-shirt at a posh restaurant. And these days you’ll make sure you’re both COVID-safe too.

An audit’s just the same. Share your organisation’s dress code, so your auditor can choose whether to dress up or blend in. Talk through PPE needs and provision. And let them know of any site tours, so they can bring their own safety boots, helmet, overalls or whatever else.

Dress codes are usually beyond the scope of an ISMS, so they’re not something we discuss with our customers. But you can use our system to set reminders for you and your team. Maybe one of them will remind you to have that dress code chat with your auditor…

A little thoughtfulness goes a long way

When you’re out on a first date, big, romantic gestures can be a turn-off. Too much, too soon! But thoughtful little gestures always make a good impression. It’s the same with an audit. Auditing’s a tough job, so your auditor will really appreciate those little bits of help.

Reserve a car-parking space next to your front entrance. Pre-brief reception. Make sure your auditor’s accompanied but socially distanced at all times and that all auditees are punctual. Sort out lunch and tea breaks, making sure you’ve checked up on any dietary needs.

Oh, and auditors generally love chocolate biscuits, though maybe save the heart-shaped ones for the second audit. But don’t go overboard! A massage chair might be a bit much, unless of course you’re a massage chair manufacturer. Then it’s all part of the audit…

Get a room!

Yes, really. For onsite audits, provide a private office with a disinfected desk, monitor, printer and the like. Your auditor can use it to work on their audit findings and write-up, giving you a bit of a respite. After all, too much time together too early in a relationship can be unhealthy.

We’d also recommend sorting out other organisational details like access to documents, people, systems, data and so on. And it should all be ready ahead of time. Nobody wants an awkward, embarrassed silence while people scurry round in the background fixing things up.

The best ISMS platforms (like ours) are pretty transparent, so it’s easy to share whatever your auditor needs to see. We can also help you plan for your auditor’s visit, so you can create the perfect little hideaway for them.

Parting is such sweet sorrow

It’s the end of your audit. It’s gone brilliantly. And then your auditor leans over and whispers those three little words you and your ISMS team have been longing to hear: “You have passed.” Well done! You’ve achieved the perfect first date.

But we have to add in a non-romantic point of order. Organisations don’t actually pass or fail their ISO audit. Ideally you’re “recommended for certification”. You’ll still have to wait a couple of weeks for full certification. But it’s much easier and nicer to say the word “pass”.

Then you’ll part not with a kiss, but with a socially distanced air handshake and a cheerful “thank you, see you next time”. And like all good dates, it’ll probably be the first of many. You’ll be meeting again for maintenance and re-certification audits, which of course we can help you through.

How was it for you?

It was the perfect audit. You have such happy memories. But as well as enjoying the afterglow, take a moment to reflect. In the spirit of ISO 27001 Clause 10.2’s need for continual improvement, reflect on any improvements you can make.

Follow up on any improvement suggestions and findings quickly and fully. Think through how you can polish your systems and processes. Those little things will leave a lasting impression. Your auditor will love that you’ve listened closely and made the effort to change.

Our platform’s designed to help you continuously improve your ISMS. That kind of change is at the heart of any strong, enduring relationship. The best partners are the ones that bring out the best in you and your organisation, whether that’s your auditor, us or anyone else.

So where is this relationship going?

In the short-to-medium term, it’ll go to some pretty good places. You’ll usually see the same auditor for a few audits. Your certification body might well nominate them as your preferred auditor, which’ll help you develop a deeper, more meaningful relationship with them.

You’ll build up clear, well-established communication channels. They’ll be on top of the logistics of auditing your ISMS. And of course they’ll have an in-depth knowledge of it as it grows and develops. But alas, it will just be a romance, not a marriage.

Too much familiarity has many potential drawbacks. So sadly you’re unlikely to see the same auditor for more than a few years. Oh well, it’ll be good while it lasts. And our platform will help your next auditor fall in love with your ISMS all over again.
