Ravindra Gandhi — Principal Consultant.

Principal Consultant at CertiTrust Consulting. Over two decades of specialised experience in IT audit, ISO 27001 lead auditing and implementation, SOC 2 readiness, and information security governance across regulated industries in India.

Speak with Ravindra → View Pricing

ISO 27001 Lead Auditor ISO 27001 Lead Implementer CISA — ISACA IRCA / CQI Member

Ravindra Gandhi Principal Consultant, CertiTrust Consulting

20+

Years Experience

50+

Certifications Led

// credentials

Certifications & professional affiliations.

Qualifications maintained through continuing professional development under recognised international bodies — directly relevant to ISO 27001, ISO 27701, SOC 2, and audit practice.

View all certificates →

ISO 27001 Lead Auditor — IRCA / CQI certified
ISO 27001 Lead Implementer
CISA — Certified Information Systems Auditor (ISACA)
ISO 27701 Privacy Information Management Specialist
Member, ISACA (International)
Member, IRCA / CQI (International)

// experience

Two decades across audit-driven industries.

Ravindra has led IT and information security audit and consulting engagements across manufacturing, pharma, financial services, SaaS, and technology sectors — supporting both certification programmes and independent internal audits for organisations subject to regulatory and enterprise scrutiny.

As Principal Consultant at CertiTrust, he leads every client engagement personally — ensuring the depth and discipline that defines the firm's reputation is present from the first conversation to the final audit outcome.

ISO 27001:2022 ISMS design, implementation, and certification audit support
ISO 27701:2025 PIMS integration and privacy programme design (DPDP & GDPR aligned)
SOC 2 Type I & II readiness for SaaS and technology platforms
IT infrastructure audits aligned with SEBI / IRDAI cyber guidelines
Vulnerability assessments and risk-based control reviews
Vendor & third-party risk management programmes
Corporate cybersecurity awareness programmes and conferences

// guiding principles

Three principles that shape every engagement.

These are not aspirational values — they are operational rules that determine how every CertiTrust engagement is structured and delivered.

Evidence over assertion

If a control cannot be independently verified, it cannot be relied upon. Every engagement is structured around evidence that holds up when examined by a certification auditor, not just reviewed by an internal team.

Independence over comfort

The value of independent assessment depends entirely on its independence. Identifying weaknesses early — while correction is still possible — is the discipline that makes CertiTrust clients audit-ready rather than audit-reactive.

Discipline over breadth

A focused practice produces depth. CertiTrust accepts fewer engagements than it is offered — and declines work outside its core specialisations. Predictable audit outcomes depend on this discipline.

// direct engagement

Ravindra leads every engagement personally.

There is no hand-off to junior staff after the initial call. As Principal Consultant, Ravindra is the point of accountability throughout — from scope definition through to audit readiness confirmation.

Schedule a conversation →

Personal involvement in scope definition and gap assessment
Direct engagement with certification auditors where required
Honest readiness confirmation before external audit submission
Post-certification support for surveillance and renewal cycles
Single accountable contact throughout the engagement

// engage

Speak with Ravindra directly.

For ISO 27001, ISO 27701, SOC 2, or IT audit engagements — schedule a conversation. Honest scope, realistic timelines, defensible outcomes.

Schedule a Conversation → Founder's Desk