Internal audits that quietly protect every deal you close.

A missed internal audit or an unclosed nonconformity is how ISO certificates get suspended — and how enterprise deals stall. ISO-STANDARD.app runs the ISO 9.2 audit programme end to end: plan, capture findings by clause, raise CAPAs in one click, and let the platform chase the follow-ups. Built for SMEs and consultants by a 25-year IT governance practitioner.

The audit programme, not a spreadsheet

Most teams run internal audits from a spreadsheet, a shared calendar and a folder of Word docs. Findings drift, action owners change, the next audit repeats the same nonconformity — and the external auditor spots it in ten minutes.

ISO-STANDARD.app treats the audit programme as a first-class object. Every audit has a scope, a lead auditor, a planned date and a live status. Every finding is tagged with the clause it breaches and the control it evidences. Every corrective action is linked back to the finding that raised it, and to the person who owns closing it.

What's included

Audit programme workspace

Schedule audits against your standard. Track planned / in-progress / completed status and the lead auditor for each engagement.

Findings by clause

Log nonconformities (major/minor), observations and opportunities against the exact clause reference. Pre-loaded control catalogue for ISO 27001, 9001, 42001, 20000-1.

One-click CAPA

Convert any finding into a corrective action with root cause, correction, owner, due date and an effectiveness review — the loop ISO 10.1 / 10.2 requires.

Audit follow-up reminders

Overdue CAPAs and stale findings surface on the dashboard so nothing drifts past its due date between surveillance audits.

Management review inputs

Audit results, open findings and CAPA effectiveness flow straight into your ISO 9.3 management review pack — no re-keying.

Audit-ready evidence trail

Every action is timestamped and attributed. Export the programme, the findings log and the CAPA register in one go for your Stage 2 or surveillance audit.

Who it's for

ISMS managers running an annual audit plan

Pain: Spreadsheet audit plan, findings in a Word doc, actions in email — nothing reconciles.

With ISO-STANDARD.app: One workspace where the plan, findings and CAPAs live together, with follow-up reminders driving closure.

Quality managers under ISO 9001

Pain: Audit programme is a wall planner and the CAPA log lives on someone's laptop.

With ISO-STANDARD.app: Clause-tagged findings with automatic root-cause and effectiveness prompts, exportable for the auditor.

Consultants running audits for multiple clients

Pain: Every client gets a different audit template; handovers are messy.

With ISO-STANDARD.app: One repeatable audit workspace per client, with the same clause library and the same CAPA discipline.

Run your next internal audit in the tool the auditor already trusts

Spin up a free workspace, schedule your first audit, log findings against the clause and let ISO-STANDARD.app drive the follow-up.

Prefer a conversation? Email hello@iso-standard.app — a practitioner responds within one business day.

MM
Michael McCarroll
Founder · 25+ years
IT governance · Information security · AI
Why this platform exists

Enterprise-grade governance — built for the SMEs and consultants enterprise GRC forgets.

I've spent 25 years in corporate governance — aligning technology, controls and compliance with what the business is actually trying to do. Time and again, the same pattern: the organisations that win new clients aren't the ones with the biggest GRC budget. They're the ones who can demonstrate trust on demand. This platform is the tool I wanted for the SMEs and consultants I've worked with — institutional-grade governance without an institutional price tag, built on the way audits and buyer reviews actually happen.