ISO 27001 Certification: What Will the Auditor Look For? | Interview with Aron Lange

In this Secure & Simple Podcast episode, host Dejan Kosutic (CEO of Advisera) interviews Aron Lange, founder of GRC Lab and an ISO 27001 certification auditor, about what auditors look for in certification audits. Aron highlights common nonconformities and explains how auditors gather objective evidence through interviews, document review, and observation, emphasizing execution over paperwork. The conversation also covers auditor interpretation, challenging unsupported findings, risk-based control auditing, management-system vs security-posture certification, continual improvement, and the difference between nonconformities and opportunities for improvement.

Links from the episode:
- Conformio software to streamline and scale ISO 27001 implementation and maintenance for your clients: https://advisera.co/Conformio-software
- White label documentation toolkits for NIS2, DORA, ISO 27001, and other ISO standards to create all the required documents for your clients: https://advisera.co/page-all-toolkits
- Accredited Lead Auditor and Lead Implementer courses for various standards and frameworks to show your expertise to potential clients: https://advisera.co/Consultant-Courses
- Company Training Academy with numerous videos for NIS2, DORA, ISO 27001, and other frameworks to organize training and awareness programs for your client’s workforce: https://advisera.co/page-Company-Training-Account
- Beginner's Course for ISO, Cybersecurity, and AI Consultants: https://www.youtube.com/playlist?list=PLHwD3nQun7caKFq80LxNNYKIabATlyA7t
- How to Grow Your Cybersecurity, ISO, or AI Consultancy: Advanced Course: https://advisera.co/GrowYourConsultancyTraining
  • (00:00) - Interview with Aron Lange
  • (01:09) - Top Nonconformities in Audits
  • (04:20) - How Auditors Gather Evidence
  • (11:55) - The Limits of Tools Based on SOC 2
  • (14:05) - Challenging Auditor Interpretations
  • (16:48) - Disputing Nonconformities
  • (19:38) - Problem with Generic Controls
  • (23:07) - Certifying Management System
  • (27:02) - Nonconformity vs Improvement
  • (29:58) - Auditing vs Consulting
  • (32:24) - Auditor Mindset and Trust
  • (35:03) - Prep Tips and Wrap Up
  • (36:30) - Resources for Consultants and CISOs

Creators and Guests

Host
Dejan Kosutic
CEO at Advisera & Cybersecurity governance expert