Our Services

We believe internal audit works best when it’s practical, independent, and rooted in a clear understanding of your organisation.

Internal Audit Services

Internal audit strengthens governance, improves controls, and gives leaders confidence that key risks are understood and managed.

We provide a full range of internal audit services, tailored to meet the requirements of each client organisation.

  • Compliance and Regulatory Change
  • Governance
  • Risk Management
  • IT and Cyber Security
  • Programmes and Projects
  • Supply Chains and Third Party
  • Grants
  • Operations
  • Data Privacy
  • Information Systems

Internal audit is a way to improve how an organisation runs. We keep our work proportionate, evidence-based, and action-focused, so findings translate into meaningful change.

Internal Audit Services >>

ISO 27001 Support

ISO 27001 is the recognised standard for information security management, helping organisations reduce risk, build trust and improve governance. Tickbox supports every stage, from gap assessment and implementation to internal audit and transition support.

  • Identify gaps against ISO 27001 requirements
  • Implement improvements across controls, documentation and evidence
  • Prepare with confidence for audit, transition and certification readiness
Get ISO 27001 support >>
ISO 27001 consultancy

Risk management service

Done well, risk management protects people, services, and reputation, and helps leaders make better decisions with confidence.

  • Risk maturity review: a clear view of where you are now, and what “good” looks like for your organisation.
  • Risk health check: we assess your current framework, reporting, and practical day-to-day operation.
  • Training & workshops: tailored sessions for all levels, from operational teams to senior leadership and Board.
  • Facilitation & mentoring: we support your risk leads to strengthen ownership, embed consistency, and improve decision making.

Risk management isn’t a one-off project, it’s an ongoing discipline. We focus on making it useful, proportionate, and embedded, so risks are visible, owned, and acted on.

DSP Toolkit support (DSPT)

The NHS Data Security and Protection Toolkit (DSPT) is an annual online self-assessment used to measure and publish how well an organisation meets the National Data Guardian’s 10 data security standards. It’s required for organisations with access to NHS patient data and/or NHS systems, and is also used for incident and data breach reporting.

We’re here to help you with:

  • DSPT readiness & gap review against your organisation type’s requirements
  • Evidence pack + policy/process support to get you to Standards Met
  • Submission support (including keeping you aligned to the annual deadline)
Get DSPT support >>
DSPT insights >>

Book a 15-minute scoping call

Leave a few details and we’ll arrange a quick call.

We’ll only use your details to respond to your enquiry. See our Privacy Policy .

Prefer email? Mention it in your message.