Step 01 · Terms of Service

Before we start, the important bits.

We keep our terms short and direct. Please read these before continuing — by ticking the box at the bottom you confirm you've read and accepted them.

What you're buying

One ISO/IEC 27001:2022 internal audit conducted by InternalCheck on the ISMS scope you provide, delivered as a written draft report by email to the audit email address you nominate. The price is a fixed £299 and includes one free revisit to verify closure of findings.

Key terms you must accept to proceed

No guarantee of certification body acceptance Our reports are produced in the format that ISO 27001:2022 certification bodies typically expect, and have been used successfully by SMEs in real audits. However, every certification body and external auditor exercises their own judgement. We do not, and cannot, guarantee that your certification body will accept the report. Final acceptance decisions rest with your auditor, and we are not liable if a report is rejected or requires changes.
The 24–72 hour draft turnaround is not a contractual deadline We aim to deliver a draft within 24–72 working hours after we have all of your evidence. If your evidence is incomplete, ambiguous, or larger in scope than typical, the audit may take longer. We will notify you if this is the case. Delay beyond 72 hours does not entitle you to a refund.
The audit is non-refundable once work has begun Because the audit work begins as soon as we have your evidence, the £299 is non-refundable from that point onwards. If you change your mind before submitting any evidence, you may request a refund within 7 days of payment by emailing hello@internalcheck.me. Refunds are at our discretion outside this window.
One free revisit is included; further revisits are £150 each After your draft report is delivered, you have 90 days to request one free revisit to verify closure of findings. Each subsequent revisit is charged at a flat £150. The free revisit cannot be carried forward beyond 90 days from the original draft date.
You are responsible for the evidence you provide We audit the evidence and access you supply. We do not verify the authenticity of evidence, nor do we conduct discovery beyond the scope you grant us. You confirm that you have the authority to grant us read-only access to any platform (Vanta, Drata, etc.) or to share any evidence you submit.
Confidentiality and data handling We treat all evidence and findings as confidential. We do not share, resell, or repurpose your data. Evidence is retained only for as long as needed to deliver the report and any revisits, and is deleted within 12 months unless you ask us to retain it for longer.
Limitation of liability Our total liability arising from or in connection with this audit is limited to the amount you paid for it (£299), regardless of the cause of action. We exclude all liability for indirect, consequential, or business-interruption losses to the extent permitted by law. Nothing in these terms limits liability that cannot be excluded under Scottish law (e.g. for fraud or death/personal injury caused by negligence).
Governing law These terms are governed by the laws of Scotland, and any disputes will be subject to the exclusive jurisdiction of the Scottish courts.

I have read and accept the terms above. I understand the audit is non-refundable once work has begun, that timelines are estimates, and that InternalCheck does not guarantee acceptance of the report by any certification body or external auditor.

Cancel

On the next page you'll be taken to Stripe's secure checkout where you'll enter your name, email, billing address, and card details. We never see or store your card information.