Know your next Internal Auditor

Chirayu is a PECB Certified ISO/IEC 27001 Senior Lead Auditor with over 14 years of experience in the InfoSec domain, focused on leading the development of IT security design and architecture projects in alignment with business, operations and compliance requirements. He has carried out a few Oracle DB deployments for some of Australia's most prominent fashion industry retailers. Chirayu has worked across a wide variety of sectors including information technology, public transport, risk management, professional services and engineering. 

In addition to ISO, Chirayu earned a graduate degree in Data Science from RMIT, PRINCE2, ACMT (Apple Certified) and BrainBench Windows Navigation Expert certifications.

Chirayu has worked as a Senior Lead Auditor for ISO/IEC 27001, 27017, 27018, the DESE ISMS Scheme, the Essential Eight and ISO 9001, and has also developed and implemented an ISMS framework for small and medium-sized enterprises.

Importantly, Chirayu’s technical and management experience allows him to “walk in your shoes”, understanding that you want systems that contribute to your profitability and minimise your administration.

Chirayu founded BitSecure in 2018 to provide businesses with the support they need to design and implement information security management systems (ISMS) to improve business performance.

What is an ISO Internal Audit and why is it important?

The objective of the internal audit is to evaluate the effectiveness of your organisation's Information Security Management System (ISMS) and the overall efficiency of your organisation. Your internal audits provide evidence that you are complying with the standard's provisions, for example that the ISMS and its processes are implemented, maintained and sustained.

Why perform Internal Audits?

Our Internal Audit service is ideal for organisations with an operational ISMS that are in the process of achieving ISO 27001 certification or have already been certified. We offer a customised audit program that caters to both one-time and ongoing audits, covering all or selected ISO 27001 clauses and relevant controls. Many organisations choose to outsource this activity to ensure an impartial audit, even if they have internal ISMS management resources.

Advantages of Internal Audit

  • Discover non-conformities before others do.

  • Ensure a strong security stance by identifying areas that require attention before a security event occurs.

  • Demonstrate and inform leadership engagement.

  • Support staff in understanding and raising awareness.

  • Drive continuous improvement.

To support you in meeting the requirements of ISO/IEC 27001, especially the internal audit, we have developed the key elements described below, which organisations of all sizes can follow. We have also developed a semi-automated compliance platform that assists organisations in preparing the Statement of Applicability, Risk Assessment, Risk Treatment, Risk Ratings and the Annex A controls. BitSecure's Compliance tool reduces the complexity of designing, navigating and executing an information security management system for ISO 27001 certification.

Document & Management Review

  • The document review identifies the information that should be gathered and reviewed.

  • We will extensively work with management to agree on the timing and resourcing for the audit.

Screening

  • This is the stage where the practical evaluation of your organisation takes place.

  • We will observe how the ISMS works in practice by speaking with front-line staff, carrying out audit tests to validate evidence as it is gathered, completing audit reports to document the results of each test, and reviewing any other relevant data.

Analysis

  • We will sort the evidence gathered during the internal audit and review it against your organisation's risk treatment plan and control objectives.

IA Reporting

  • The audit findings will be shared with management, including: clarification of the scope, information security objectives and extent of the work performed; an executive summary covering the non-conformities (major/minor); a high-level analysis; and a conclusion with recommended corrective actions.

How we conduct your ISO 27001 internal audit

How often do I need to conduct an internal audit?

The frequency of conducting internal audits for your ISMS depends on several factors, including the size and complexity of your organisation, the level of risk, and specific regulatory or certification requirements. However, for ISO 27001 compliance, it is generally recommended to conduct internal audits at least once a year. Regular audits ensure that your ISMS remains effective, up-to-date, and aligned with ISO 27001 standards. Additionally, more frequent audits may be necessary if significant changes occur within your organisation or if there are specific areas of concern that need closer monitoring.