Provision of an ISO27001 Internal Auditor

Description

IntroductionISO 27001 is an internationally recognised standard for managing and maintaininginformation security within businesses. It outlines the requirements for an information security management system (ISMS), and provides a framework for establishing, implementing, maintaining and continually improving business information security.Social Care Wales has held ISO 27001:2013 certification since 2008, achieving our most recent triennial recertification in April 2024. We are amid transitioning to the 27001:2022 standard and are due to transition in February 2025.What is required / ‘The Requirements’We are seeking the provision of an ISO 27001 Internal Auditor to evaluate and ensure the continued effectiveness and compliance of our Information Security Management System (ISMS) in accordance with the ISO 27001 standard.The audit should be performed independently and aligned with the requirements of the ISO IEC 27001:2013 (ISO 27001) standard.The Internal Auditor will:- Prepare and agree an ISMS audit scope and engagement letter with Social Care Wales;- Review and assess the ISMS documentation, including policies, procedures, and controls in line with the standard;- Plan and execute internal audits, including the preparation of audit plans and schedules;- Interview relevant personnel and gather evidence to assess compliance and effectiveness;- Evaluate the implementation of risk assessments and treatment plans;- Analyse audit findings and prepare detailed reports outlining strengths, weaknesses, and recommendations for improvement;- Present findings to senior management and relevant stakeholders;- Follow up on previous audit findings to ensure corrective actions have been implemented;- Follow through any external certification audit findings and remedial actions received by Social Care Wales.Please see Specification for more detailNOTE: To register your interest in this notice and obtain any additional information please visit the Sell2Wales Web Site at https://www.sell2wales.gov.wales/Search/Search_Switch.aspx?ID=145666.The buyer has indicated that it will accept electronic responses to this notice via the Postbox facility. A user guide is available at https://www.sell2wales.gov.wales/sitehelp/help_guides.aspx.Suppliers are advised to allow adequate time for uploading documents and to dispatch the electronic response well in advance of the closing time to avoid any last minute problems. (WA Ref:145666)The buyer considers that this contract is suitable for consortia bidding.