Pre-audit preparation

Audit readiness — SOC 2 & ISO 27001

Close the gaps before the auditor finds them. ISPH manages preparation, evidence, and coordination — not the audit itself. Audit firm fees are client-paid and disclosed separately.

Evidence quality determines audit outcomes

Auditors form impressions quickly — a well-organized GRC platform with complete narratives and clean evidence signals maturity. A platform full of incomplete evidence and missing documentation signals risk. We close that gap before the auditor shows up.

Audit firm fees (SOC 2: est. $15K–$40K; ISO 27001: est. $8K–$20K) are client-paid and disclosed separately at every scoping call.

Pricing tiers

Starter
$4,500–$7,500
one-time · 22–36 hrs · 3–4 weeks
Overage: $185/hr · Audit firm fee separate: $15K–$40K for SOC 2
  • Pre-audit gap assessment (framework-specific control checklist)
  • Evidence inventory review (what you have vs. what auditors require)
  • Top 20 critical control gaps and remediation priorities
  • Auditor preparation briefing document
  • GRC platform evidence readiness score
  • Pre-audit cleanup support (in GRC platform)

Growth · Most popular
$8,500–$15,000
one-time · 45–75 hrs · 4–6 weeks
Overage: $195/hr · Audit firm fee est. $15K–$40K (client-paid, separate)
  • Everything in Starter
  • Full evidence collection and organization (all controls)
  • Control narrative writing (how each control is implemented — plain English for auditors)
  • Exception documentation and management letter preparation
  • Draft responses for auditor RFIs
  • Mock auditor walkthrough (internal dry run)
  • 6-week remediation support window
  • Auditor selection guidance and coordination

Professional
$15,000–$24,000
one-time · 80–120 hrs · 5–8 weeks
Overage: $195/hr · Audit firm fee est. $20K–$40K (client-paid)
  • Everything in Growth
  • Full auditor management (kickoff through report issuance)
  • Management response drafting (all findings)
  • Auditor-grade evidence quality review
  • Scope documentation (systems, services, boundaries — formal)
  • Type II observation period monitoring support
  • Post-audit corrective action plan
  • ISO 27001 certification body coordination (Stage 1 + Stage 2)

Enterprise
$24,000–$42,000
one-time · 125–175 hrs · 6–10 weeks
Overage: $225/hr · Combined audit firm fees for multi-framework est. $30K–$80K+
  • Everything in Professional
  • Multi-framework concurrent audit coordination
  • Executive and board audit status reporting
  • Audit committee preparation support
  • Regulatory audit parallel support (OCR, SEC if applicable — legal counsel separate)
  • Post-audit remediation program management (12 months)
  • Year-over-year audit maturity improvement program
  • Management representation letter preparation

Post-audit recommendation

  • Set up the Compliance Maintenance Plan to sustain evidence until renewal — starting immediately post-audit
  • Start vCISO Growth for year-round program ownership

Post-audit: keep the program running with the compliance maintenance plan.

The next audit preparation starts immediately after this one closes. We set up the ongoing program at the same time.