Insights

It's been an extremely busy start to the year at Sampson ISO Audit & Consult Ltd — barely a moment to breathe. So I thought it sensible to take stock of what we've achieved, how we've delivered it, and where we want to go for the rest of the year.

Receiving notice of an upcoming ISO audit often triggers a wave of anxiety for organisations that haven't been through the process before. Quite commonly, ISO audit preparation involves a last-minute scramble to update documentation and review procedures, prompting an all-hands-on-deck approach.

In my experience as a Lead Auditor, I’ve seen many organisations approach ISO 27001 risk assessment as a creative writing exercise. They’ll start by building a massive spreadsheet, filling it with ‘low, medium, high’ labels and hope I don't look too closely at the underlying detail. But in 2026, with cyber threats evolving at machine speed, auditors have had to change their approach to adjust to a much more threatening landscape. What we’re not looking for is a perfect list