ISO 27001:2022 Internal Auditor — 2-Day Remote Engagement (Fixed Price)

We're a 5-person fully-remote Indian health-tech startup (Babynama / Gagahealth Pvt Ltd) preparing for ISO 27001:2022 Stage 2 certification with Intercert in August 2026. We need ONE ISO 27001:2022 Internal Audit per Clause 9.2.2 — nothing else bundled. SCOPE - 32 documents already drafted (5 ISMS docs, 16 policies, 4 registers, plus records). SoA finalised. - Cloud-only on GCP (asia-south1), no on-prem, no physical office in scope. - 5 employees + ~100 contractor doctors (BYOD). - Remote audit only — no site visit required or possible. DELIVERABLES - Audit plan (1-pager) - 2 days of remote fieldwork via Google Meet (doc review + 3-4 control-owner interviews) - Written audit report with findings against Clauses 4–10 and Annex A controls per our SoA - Nonconformity / Observation / Opportunity-for-Improvement list with severity REQUIREMENTS - Lead Auditor must hold a current PECB / IRCA / BSI ISO 27001:2022 Lead Auditor certification (share cert number + CV with quote) - Independence: you must not have written, reviewed, or approved any of our existing 32 ISMS documents - Fixed-price quote (not T&M) — all-inclusive of fieldwork + report - No implementation consulting, no VAPT, no remediation work — those are out of scope - Target turnaround: complete audit + report within 3 weeks of engagement PRE-READ We will share the full ISMS doc set (Google Drive) on engagement so day-1 starts hot. PLEASE REPLY WITH 1. Your fixed all-in INR price 2. Lead Auditor name + certification ID + CV 3. Earliest available start date 4. 1-2 references from prior small-org ISMS audits Apply To This Job