Independent Forensic Diagnostic Practice

Pre-Audit Diagnostic Services for ISO 27001 Environments

Audit Premortem Ltd provides independent forensic analysis of ISMS deployments prior to surveillance and certification audit activity. We identify the structural failure patterns that internal audit processes are designed — consciously or not — to miss.

— Company Details
Registered Name: Audit Premortem Ltd
Jurisdiction: England and Wales
Registered Office: Office 19262, 182-184 High Street North, East Ham, London, E6 2JA
Service Area: United Kingdom · European Union · International by arrangement
Nature of Business: Management Consultancy, Information Security Advisory Services

About the Practice

Independent. Forensic. Adversarial by Design.

Audit Premortem Ltd was established to address a structural gap in the information security advisory market. Internal audit functions are institutionally constrained from identifying the most dangerous ISMS failure modes — because surfacing them creates political problems inside the organisations they serve.

External surveillance auditors operate under no such constraint. They are paid to find what the system says it does, then verify whether it actually does it. The gap between what internal audit finds and what a surveillance auditor finds is the gap this practice exists to close.

"We apply the same adversarial pattern recognition to ISMS environments that hostile surveillance auditors apply — before they arrive."

Our methodology is built on two decades of enterprise deployment and quality assurance engineering applied to information security governance. We do not hold ISO 27001 certifications. We do not need them. The skill set that finds these failures is engineering pattern recognition, not examination performance.

We are not a consultancy. We do not implement. We do not remediate. We diagnose — with precision, in writing, in 48 hours.

— Practice Statistics
Evidence chain failure rate: 82%
Average CISO tenure (UK): 18 months
Collapse vectors mapped: 24
Primary failure clause: 6.1.2
Delivery timeline: 48 hours
Governing law: England & Wales

Forensic Diagnostic Service Portfolio

All services are delivered remotely. Evidence is submitted via encrypted channel. Reports are delivered in writing. All engagements are governed by mutual non-disclosure agreement.

01. Protocol 48-H Collapse Vector Diagnosis (Primary Service)
Full application of the 24-vector Collapse Vector Model to the client's ISMS documentation. Identifies the specific evidence chain breaks, governance failure patterns, and ownership discontinuities that will trigger expanded sampling under surveillance audit conditions.

02. Full Personal Liability Shield Assessment (Extended Service)
Extended diagnostic incorporating personal liability exposure mapping under NIS2 Article 20, DORA Article 5, and UK GDPR accountability frameworks. Includes escalation documentation language for board presentation and accountability transfer.

03. Evidence Chain Integrity Review (Targeted Service)
Targeted analysis of evidence chain continuity across selected ISO 27001:2022 clauses. Identifies traceability breaks between policy, risk treatment, operating controls, and management review records. Delivered as a clause-level findings register.

Engagement Process

How an Engagement Operates

Every engagement is governed by mutual NDA from initiation. Evidence is handled under strict data minimisation principles and permanently deleted within 24 hours of report delivery.

01. Initiation and Agreement
Client initiates engagement by contacting our office directly. Mutual NDA and service agreement are accepted digitally. Payment is confirmed. Engagement slot is allocated. The entire initiation process is confidential and leaves no corporate paper trail.

02. Secure Evidence Submission
Client receives a private encrypted upload link. ISMS documentation, risk register, internal audit records, management review records, and corrective action logs are submitted. Clients are advised to remove or redact PII from documents prior to submission.

03. Forensic Analysis — 48 Hours
The full Collapse Vector Model is applied to submitted documentation. Evidence chains are traced from policy through risk treatment to operating controls and management review. Governance failure patterns are identified. Personal liability exposure points are mapped.

04. Report Delivery
Written diagnostic report is delivered via secure link. The report identifies specific collapse vectors, evidence chain discontinuities, and escalation language for board presentation. Findings are written in audit language with binary verdicts — no reassurance, no theatre.

05. Data Deletion
All client-submitted documentation is permanently deleted within 24 hours of confirmed report delivery. No copies are retained. No backup exists. The only record of the engagement is the diagnostic report — in the client's possession, on the client's terms.

Sectors Served

Organisations Under Active Audit Pressure

Our services are relevant to any organisation operating an ISO 27001 ISMS subject to surveillance or recertification audit activity, particularly where regulatory personal accountability frameworks apply.

Financial Services: DORA · FCA · ISO 27001
Healthcare: DSPT · NIS2 · ISO 27001
Critical Infrastructure: NIS2 · CAF · ISO 27001
Professional Services: ISO 27001 · GDPR · ICO
Technology: ISO 27001 · SOC 2 · NIS2
Legal & Compliance: SRA · ISO 27001 · GDPR
Education: ISO 27001 · Cyber Essentials
Public Sector: GDS · ISO 27001 · NIS2

NIS2 Directive — Article 20
Management bodies of essential and important entities face personal liability for infringements. Temporary bans from management functions are explicitly provided for. Personal accountability is now legally testable.

DORA — Article 5
Management body members of financial entities must maintain ICT risk expertise. The standard of adequate oversight is legally enforceable. Personal exposure applies to individual members, not just the organisation.

UK GDPR — DSG Retail Precedent
The duty of care for security controls is absolute. "No harm occurred" is no longer a viable defence. Personal accountability follows the closest named individual to the failure point — regardless of resource allocation decisions made above them.

Get in Touch

Company: Audit Premortem Ltd (Registered in England and Wales)
Address: Office 19262, 182-184 High Street North, East Ham, London, E6 2JA
Telephone
Service Hours: Monday — Friday, 09:00 — 17:00 GMT
Response Time: Within 2 business hours for engagement enquiries

Initiate a Diagnostic Engagement

All engagements are initiated through direct contact with our office. Mutual NDA is executed at point of initiation. Payment is confirmed before any documentation is requested. The entire process is private and confidential.

For general enquiries, partnership discussions, or to speak with our team before initiating a formal engagement, email ops@auditpremortem.com directly. We respond to all substantive enquiries within two business hours during office hours.