Evidence in. Findings out. Auditor confirmed.
Seven steps from evidence upload to signed-off ISO 27001 internal audit report. Manylder's platform reviews your evidence. Manylder's lead auditor confirms every finding.
Upload.
Evidence files — Word, Excel, PDF — uploaded securely to an isolated tenant environment. Each organisation's data is strictly separated. No cross-tenant access.
Extract & Deduplicate.
Text extracted from all evidence files. Duplicate and near-duplicate documents identified and consolidated automatically, so the same policy is not evaluated twice.
Classify.
AI determines which ISO 27001:2022 clauses are relevant to each document. A risk treatment plan is mapped to Clause 6.1.2. An access control policy is mapped to Annex A controls. Every mapping is visible in the output.
Map.
Evidence mapped to specific clause requirements using knowledge base retrieval. Each clause receives the evidence that addresses it — with citations linking back to specific sections and paragraphs of source documents.
Evaluate.
Manylder's platform reviews each clause against the auditing principles, following an industry-recognised methodology. A provisional finding status is assigned (Conforming, Minor Non-Conformity, Major Non-Conformity, or Observation), along with a confidence score reflecting the platform's assessment of evidence sufficiency.
All findings at this stage are provisional. They represent Manylder's evidence review — not the final audit conclusion, which requires Manylder's lead auditor.
Auditor Review.
Manylder's qualified lead auditor reviews all provisional findings from the evidence analysis. They apply professional judgement — as required by ISO 19011:2018 — and confirm or amend each status, each evidence citation, and each supporting rationale.
This is not a rubber stamp. Manylder's lead auditor may change a Conforming finding to a Minor NC. They may upgrade an Observation to a Major NC. They may request additional evidence. Manylder's ISO 27001 internal audit service is designed for this — the review step is the audit.
Functional status colours (Conforming, Minor NC, Major NC, Observation) are only applied after the lead auditor confirms each finding. Until then, findings display as Pending.
Report.
Professional PDF report generated with executive summary, per-clause findings, evidence citations, and confidence scores. Signed off by Manylder's lead auditor. The report becomes a formal audit output only after the lead auditor has reviewed, amended where necessary, and confirmed the findings.
Finding statuses. Defined precisely.
Conforming
Evidence demonstrates that the clause requirement is met. Manylder's lead auditor has reviewed the evidence and confirmed the finding.
Minor Non-Conformity
A gap in evidence or implementation that does not directly compromise the management system but requires corrective action.
Major Non-Conformity
A significant gap that directly affects the ability of the management system to achieve its intended outcomes. Requires immediate corrective action.
Observation
An area for potential improvement. Not a non-conformity, but noted for the organisation's consideration.
Confidence scores exist because certainty is not guaranteed.
Each provisional finding includes a confidence score — a percentage reflecting how well the available evidence addresses the clause requirement.
High scores mean strong evidence alignment. Low scores mean the platform found gaps, ambiguity, or insufficient documentation. Manylder's lead auditor uses these confidence scores as a prioritisation signal: review the low-confidence findings first.
The platform produces the scores. Manylder's lead auditor produces the conclusions.
Information Security Risk Treatment
Risk treatment plan documented with clear risk ownership, treatment options, and residual risk acceptance criteria. Evidence of management review and approval present.
Evidence: ISMS-RTP-001 v3.2; Management Review Minutes 2025-Q2
Designed in alignment with ISO 19011:2018.
The workflow addresses ISO 19011:2018 auditing principles at every step.
Evidence-Based Approach
All findings are linked to specific document citations. No unsupported assertions.
Due Professional Care
AI findings are a starting point. Review by Manylder's qualified lead auditor is a required workflow step.
Fair Presentation
Confidence scores and evidence citations shown in full. Nothing is suppressed.
Independence
Manylder's lead auditor is independent of the activity being audited. The platform does not audit the auditor's own function.
See it work on your evidence.
Leave your email and I'll walk you through the full pipeline with your own documentation.