ISO 27001:2022 Internal Auditor — 2-Day Remote Engagement (Fixed Price)

Remote, USA
Posted Jun 16, 2026
Full-time

We're a 5-person fully-remote Indian health-tech startup (Babynama / Gagahealth Pvt Ltd) preparing for ISO 27001:2022 Stage 2 certification with Intercert in August 2026. We need ONE ISO 27001:2022 Internal Audit per Clause 9.2.2 — nothing else bundled.

SCOPE

- 32 documents already drafted (5 ISMS docs, 16 policies, 4 registers, plus records). SoA finalised.

- Cloud-only on GCP (asia-south1), no on-prem, no physical office in scope.

- 5 employees + ~100 contractor doctors (BYOD).

- Remote audit only — no site visit required or possible.

DELIVERABLES

- Audit plan (1-pager)

- 2 days of remote fieldwork via Google Meet (doc review + 3-4 control-owner interviews)

- Written audit report with findings against Clauses 4–10 and Annex A controls per our SoA

- Nonconformity / Observation / Opportunity-for-Improvement list with severity

REQUIREMENTS

- Lead Auditor must hold a current PECB / IRCA / BSI ISO 27001:2022 Lead Auditor certification (share cert number + CV with quote)

- Independence: you must not have written, reviewed, or approved any of our existing 32 ISMS documents

- Fixed-price quote (not T&M) — all-inclusive of fieldwork + report

- No implementation consulting, no VAPT, no remediation work — those are out of scope

- Target turnaround: complete audit + report within 3 weeks of engagement

PRE-READ

We will share the full ISMS doc set (Google Drive) on engagement so day-1 starts hot.

PLEASE REPLY WITH

1. Your fixed all-in INR price

2. Lead Auditor name + certification ID + CV

3. Earliest available start date

4. 1-2 references from prior small-org ISMS audits
