The “Huge Value” of Consolidating Your Cybersecurity Audits | Pivot Point Security

Pivot Point Security
2 min readSep 14, 2020


Last Updated on September 16, 2020

Many organizations seeking ISO 27001 certification face other cybersecurity compliance audits as well, like SOC 2, ISO 27701, HITRUST, FedRAMP and/or CMMC.

If that applies to your company, consider the benefits of consolidating your cybersecurity audits so they happen at the same time with one registrar/audit firm.

Streamline your activities to save considerable time and money.

“If I can go to one auditor versus six auditors, I think that’s a huge value proposition,” said John Verry, Pivot Point Security’s CISO and Managing Partner, on a recent episode of The Virtual CISO Podcast. John’s guest was Ryan Mackie, Principal and ISO Practice Director at leading audit firm Schellman & Company. Both John and Ryan are certified ISO 27001 Lead Auditors.

“We’ve designed our services to be able to meet that, so we’ve got cross-trained team members for ISO 27001, SOC 2, FedRAMP, PCI and everything else,” notes Ryan. “Especially with ISO 27001, when we do have the control set in play, there’s so much commonality between just the basics there. So if we can use somebody doing a SOC 2 audit that’s ISO trained, all the testing that they do for SOC we can apply to ISO.”

“If you’re preparing for one external audit that’s going to cover everything-the amount of time that you take away from your control and process owners, the reporting, a consolidated findings document…,” Ryan replies. “And so it’s so much easier to have that (and I hate to say it) one neck to choke.”

With third-party consultants, the time/cost benefits are similar. For example, Pivot Point Security frequently performs consolidated internal audits that cover ISO 27001 and SOC 2, or ISO 27001 and PCI, etc.

If your company is preparing for (or contemplating) an ISO 27001 audit, the episode of The Virtual CISO Podcast with Ryan Mackie will be of enormous value to you.

You can listen to the entire show here. If you don’t like using Apple Podcasts, click here.

Originally published at on September 14, 2020.



Pivot Point Security

We are a trusted source of simple, practical, and actionable information security guidance.