A first-party audit is an audit conducted by an organization on itself to determine whether its systems and procedures are consistently improving its ability to provide information security (IS) for itself and its interested parties, and as a means to evaluate conformance with its procedures and the Standard. Internal audits are a requirement of most ISO Standards.
Second-party - Customer or Supplier
A second-party audit is one carried out on a current or potential supplier by a purchasing organization; the audit results may then be used as part of the purchasing evaluation. Purchasers must consider how much assurance is needed for a particular ISO Standard. By considering a number of factors, a decision can be reached as to the relative importance of the supplier having a fully compliant system. This should mean that even if a supplier had a very attractive price and delivery, they would not be given a contract where risk was involved due to weaknesses in their Management System.
Third-party - Certification or Independent
The third-party certification scheme was designed to reduce, and perhaps remove, the need for many second-party audits by providing a list of companies whose systems had been assessed and shown to be in conformance with a level of ISO Standard. The assurance thus provided to potential customers would mean that they might not have to audit suppliers themselves, provided that the assurance given by the third party satisfied their needs. It could be the case that a purchasing organization might not even consider a tender from a supplier unless they are certified to an ISO Standard.
You can invite us to audit your management systems for the purpose of evaluating the effectiveness of your Management System, statutory and regulatory requirements, or to assess the effectiveness of a particular risk treatment, etc.