
Andro Kull

Andro Kull, MSECB auditor for ISO/IEC 20000-1; ISO 22301; ISO/IEC 27001; ISO/IEC 27701.


Help to make the world safer and more secure by recognizing the importance of management systems certification audits.

About Andro Kull

I am an experienced information technology, information security, and business continuity auditor, consultant, and trainer. I come from Estonia, and I am happy to work internationally in cooperation with MSECB.

My educational background started with information technology university studies, and I obtained an applied informatics diploma from the University of Tartu, Estonia. In parallel, I started working in the public sector as an IT specialist and IT advisor. After some years of experience in the technology area, I chose the direction of IT management, both in practical work and in university studies at master’s level. I worked for years as an IT manager in the public sector, and at the same time, I took IT management master studies at the University of Tallinn, Estonia. Years later, I was called by the Central Bank of Estonia to work as an IT auditor for the Financial Supervision Authority. I have accumulated eight great years of auditor experience in auditing financial institutions such as banks, insurance companies, investment firms, and fund management companies related to information technology governance, information security, and business continuity. Simultaneously, I started doctoral studies at the University of Tampere, Finland, concentrating on an integrated management systems approach, as experienced during practical work.

After years in the financial sector, I accepted the challenge from the biggest energy company in Estonia to manage information technology and information security risks in Eesti Energia. Besides the experience I had in the financial sector, over the years I also gained experience in the energy sector. Additionally, I worked for around five years at Tallinn University of Technology as a senior researcher, where I had the possibility to be involved in many interesting projects and run information and cybersecurity management courses under an international cybersecurity master program.

Furthermore, I started my own consultancy company, ConsultIT, and around five years ago, reached an ISO-based management systems related partnership with PECB and MSECB to run certification training and certification audits, respectively.


About the experience in auditing


Most of my auditor experience comes from the financial sector and technology sector. As an auditor in the Financial Supervision Authority, we constantly had to run audit projects with small teams of auditors and collect the audit criteria from financial sector regulations. It was always interesting to combine topics such as IT governance, information security, risk management, and cybersecurity, but also incident management, ICT readiness for business continuity, and disaster recovery. It was very exciting to cover the full financial sector too, starting with big international banking institutions, proceeding with medium-sized insurance companies, and ending with small fund management or technology companies. Working in Financial Supervision served as a great opportunity to proceed with international cooperation. I was able to manage the international conference in Estonia amongst auditors from different countries and also attended the information security-related working groups at the European Central Bank.

As experience accumulated over the years, I was able to simply recognize that all the practices related to management systems can be explained by international standards. My own company gave me the freedom to choose the topics and standards based on my own experience and provide the training and audit services for many industry areas, mostly in the public sector, financial, energy, and technology. The real development of the ISO-based management systems format started after the partnership with PECB as a certification body, and I was able to formally earn the appropriate professional management systems certificates such as ISO/IEC 27001, ISO 20000, ISO 22301, ISO/IEC 27701 – Lead Implementer and Lead Auditor; and information security as a main area of expertise related practices such as ISO/IEC 27002, ISO/IEC 27005, ISO/IEC 27032, ISO/IEC 27035, and ISO/IEC 27017.

After earning the Fully Approved MSECB Auditor status a few years ago, I was able to begin providing official certification audit services for a variety of industry sectors. So far, most certification audits are conducted against ISO/IEC 27001 as the Information Security Management System (ISMS) standard, but I am already working on extending certification to Privacy Information Management Systems (PIMS) too, and I see great potential for providing Integrated Management Systems (IMS) certification audits worldwide in the near future, in cooperation with MSECB.

Andro’s experience with MSECB

Cooperation with MSECB started years ago, and I was able to notice quickly that we share the same values as MSECB as a certification body, which are professionalism, a well-functioning format of audit services, trust, integrity, and international recognition.

I remember that my first certification audit projects were challenging for me, but because of the great and very useful feedback that I got during the MSECB quality review of audit documents, I managed to improve myself audit by audit.

Through the years, the projects have been going more smoothly, and I am able to provide better audits to the clients. If audited clients are well prepared, I concentrate on the core of audit activities and run audit procedures based on audit best practices and principles as professionally prepared by the certification body, MSECB.

All the certification audit projects in cooperation with MSECB have proved to be very successful, and I believe that MSECB is getting better and better, day by day. In recent years, it has been challenging to conduct on-site audits internationally, but MSECB has been flexible enough to overcome these challenges and provide well-functioning alternatives to still reach the audit objectives.

I would recommend working with MSECB. Based on my experience, this certification body not only responds quickly but also provides preventive support, highly professional services, high-quality audit documentation, is a well-established international brand that is dedicated to continuous development of services, and last but not least, it has a really nice staff and people to work with.


MSECB Auditor Profile

Andro Kull joined the MSECB Network of Auditors in 2017 and ever since has successfully led many ISO/IEC 27001, ISO/IEC 27701, ISO 22301, and ISO/IEC 20000-1 audits. His professionalism and dedication to objectivity make him stand out from the rest. Andro’s high performance in audits is also due to his great preparation and very broad experience in a variety of fields. Clients themselves have stated that he has great interpersonal skills, which make the audits run smoothly.
We are honored to have him as part of the MSECB Auditors Network!
