ISO 27001 Support
Practical, end-to-end ISO 27001 support - from gap assessment through to certification. Our certified auditors build an ISMS that your organisation can actually run, not just pass once.
What we deliver
From initial gap analysis to certification and beyond.
Gap Assessment
A structured review of your current controls against ISO 27001:2022 requirements. We produce a clear gap register with risk ratings and a prioritised remediation plan - so you know exactly what's needed and in what order.
ISMS Design & Documentation
We design and build your Information Security Management System - scope definition, context of the organisation, risk treatment process, and the full suite of policies and procedures required by the standard.
Risk Assessment & Treatment
ISO 27001's risk-based approach done properly. We facilitate risk identification workshops, build your risk register, and produce a risk treatment plan and Statement of Applicability (SoA) mapped to Annex A controls.
Controls Implementation
Hands-on implementation of the technical and organisational controls defined in your treatment plan - from access control and logging through to supplier management and incident response procedures.
Internal Audit
We conduct your ISO 27001 internal audit - structured, evidence-based, and designed to surface real nonconformities before your certification body does. Includes an audit report and corrective action register.
Certification Audit Support
We prepare your team for Stage 1 and Stage 2 audits - document reviews, readiness checks, and day-of support to answer auditor questions clearly and confidently.
Our approach to ISO 27001
Certification as a by-product of good security
We don't build an ISMS designed to pass an audit and nothing else. We build a programme that reflects your real risks, your real controls, and your real operations. Certification follows naturally - and the ISMS remains useful afterwards.
A document that lives in a drawer isn't a management system.
Pragmatic, not bureaucratic
ISO 27001 can generate a lot of documentation overhead if approached without discipline. We focus on what the standard actually requires, what's proportionate to your risk profile, and what your team can realistically maintain post-certification.
Right-sized for your organisation - not copy-pasted from a template.
The certification journey
1 - Gap assessment
Understand where you are against ISO 27001:2022. Identify the gaps, size the effort, and build the roadmap.
2 - ISMS build
Define scope, complete the risk assessment, design and implement controls, and produce the required documentation.
3 - Internal audit & review
Internal audit, management review, and corrective action - getting your ISMS ready for the certification body.
Ready to start your ISO 27001 journey?
Get in touch for a no-obligation discussion about your timeline, scope, and what's involved for your organisation specifically.