That was a stressful couple of days but a good learning experience as well. As pointed out by Nihil they were very keen on physical security and impressed by the brand new dead locks on the computer room etc.
In the end they had to ask for an Administrative account as their scanners could penetrate our network and then we had to turn off SP2's firewall on the MS boxen. Very happy with that.
Nessus was the scanner for the Linux platform as expected and that worked in our favour as we use that on ourselves from time to time to see where we're lacking.
Once they'd scanned all of the networks they put out a preliminary report and our network got a pat on the back for the firewalls and also port security on the switches.... Not a bad result so far, now to wait for the full report....
Thanks to all who contributed to this thread. Now to update all of the policies that this process has highlighted I'm missing.