Skip to content
Vectel
Support/Compliance and regulations

Customer announces a security audit, what do I supply?

Standard kit: ISO or NEN certificate (if any), DPA, recent pen test or vulnerability scan, information-security policy, BCM plan, and evidence of backup-and-restore tests.

Try this first

  1. 1Ask for scope. "Security audit" is broad; request the exact questionnaire (often custom, sometimes SIG/CAIQ).
  2. 2Collect existing artefacts. Certificates, DPA, sub-processor list, security policy, incident response plan, backup procedure, vulnerability report.
  3. 3For gaps, prepare an honest status plus timeline. "ISO 27001 in progress, audit Q3" beats implying something that does not exist.
  4. 4Designate a point of contact for the audit. Not the whole organisation needs access to the Q&A.
  5. 5Keep your own log of what you delivered and when. It saves days at the next audit.

When to bring us in

Deep audit with on-site visits or pen-testing rights, and you have never done one? An experienced auditor or consultant in advance is good money.

See also

None of the above fits?

Describe your situation below. We pass your input plus the steps you already saw to our AI and return tailored next-step advice. If it's too risky to DIY, we'll say so.

Who are you?

For the AI question we need your email and company, so we can follow up if the AI gets stuck, and to prevent abuse.

Limited to 2 questions per hour and 5 per day, kept lean so the AI stays useful. For more, contacting us directly works better for you and us.

Or skip the DIY entirely

Our Managed IT clients do not look these things up. One point of contact, a fixed monthly price, resolved within working hours.

Bring us inHow Managed IT works