ISO 27001 Certification Without the 18-Month Pain
ISO 27001:2022 is the world's most widely recognised information security standard. We guide you through the full implementation journey - from gap assessment through to certified ISMS - efficiently and without shortcuts that create audit risk.
Why ISO 27001?
The security certification that opens global enterprise and government doors
Win Global Enterprise Deals
ISO 27001 is the security certification recognised across Europe, Asia, the Middle East, and increasingly in North America. It removes you from security review blocklists in enterprise and government procurement - often permanently.
Build a Systematic Security Approach
An ISO 27001 ISMS forces you to think systematically about information security risk - which threats you face, what controls you have, and where the gaps are. This is more valuable than any individual security tool you could buy.
Demonstrate Continuous Improvement
ISO 27001 certification demonstrates not just that you have controls in place today, but that you have a management system to maintain and improve them over time. That assurance is qualitatively different from a point-in-time assessment.
What's Included
Everything from initial gap assessment to certification audit support
Gap Assessment Against ISO 27001:2022
We assess your current security posture against the full ISO 27001:2022 standard - Clauses 4-10 (the ISMS management requirements) and all 93 Annex A controls - to give you a precise, evidence-based view of your implementation effort.
ISMS Design & Scope Definition
We help you define an ISMS scope that is appropriately bounded - covering the right systems and processes without being so broad it becomes unmanageable - and establish the organisational context, stakeholder requirements, and leadership commitment the standard requires.
Risk Assessment & Risk Treatment Plan
ISO 27001 is fundamentally risk-driven. We build a risk assessment methodology, identify and evaluate information security risks relevant to your scope, and produce a risk treatment plan that drives your control selection and investment decisions.
Annex A Controls & Statement of Applicability
We help you select the Annex A controls appropriate to your risk profile - including the 11 new controls introduced in ISO 27001:2022 - produce your Statement of Applicability (SoA), and guide implementation of selected controls.
ISMS Documentation Suite
We write the complete documentation package your certification auditor expects: information security policy, risk assessment methodology, risk treatment plan, Statement of Applicability, mandatory procedures, and the evidence records that demonstrate your ISMS is operating.
Internal Audit & Certification Preparation
ISO 27001 requires an internal audit programme and executive management review. We conduct your first internal audit, support your management review meeting, run a mock Stage 1 assessment, and prepare you for both Stage 1 and Stage 2 certification audits.
Our Methodology
Three phases from gap to certified ISMS
Gap Assessment & Planning
We assess your starting point against ISO 27001:2022, define ISMS scope, and produce a detailed implementation plan with phase milestones - so you know exactly what's ahead and when you can expect to certify.
Build the ISMS
We implement the risk assessment framework, select and implement Annex A controls, write the full documentation suite, and build the internal processes - security reviews, supplier assessments, incident management - that make your ISMS operational.
Certify
We run your internal audit, support your management review, conduct a mock Stage 1 assessment, and prepare you for Stage 1 (documentation review) and Stage 2 (ISMS effectiveness audit) with your certification body.
Who This Is For
Global Enterprise & Government Suppliers
ISO 27001 is increasingly required to pass procurement security assessments for enterprise customers in Europe, the Middle East, Asia-Pacific, and government sectors worldwide.
Organisations Demonstrating Security Maturity
If customers, investors, board members, or regulators are asking about your information security programme, ISO 27001 certification provides the most credible answer - audited and internationally recognised.
Teams Transitioning from 2013 to 2022 Standard
The transition deadline to ISO 27001:2022 has passed. If you hold a 2013 certificate or are working from 2013 controls, we help you understand what's changed and implement the updates your renewal audit will require.
Frequently Asked Questions
Common questions about ISO 27001 implementation and certification
ISO 27001:2022 introduced several structural changes. Annex A was restructured from 114 controls across 14 domains to 93 controls across 4 themes (Organisational, People, Physical, Technological). Eleven new controls were added - including threat intelligence, ICT readiness for business continuity, physical security monitoring, configuration management, data masking, data leakage prevention, monitoring activities, web filtering, secure coding, and cloud service security. Organisations certified under the 2013 version must transition to the 2022 standard by October 2025.
For an organisation with some existing security practices, implementation typically takes 6-9 months from engagement start to Stage 2 audit. Starting from very low maturity adds 3-6 months. The implementation phase (building the ISMS) is typically 4-6 months; the ISMS then needs to operate for a period before Stage 2, and your certification body will want evidence of at least one internal audit and management review cycle. We set realistic timelines during the gap assessment phase.
Depends on your markets. SOC 2 is primarily recognised by US enterprise customers; ISO 27001 carries more weight in Europe, the Middle East, Asia-Pacific, and with government buyers. Many growing companies pursue ISO 27001 first if their primary markets are non-US, or SOC 2 first if they're focused on US enterprise sales. Some enterprise customers - particularly in financial services and government - may require both. We can help you assess which delivers the most business value given your specific customer base.
The Statement of Applicability (SoA) is a mandatory ISO 27001 document that lists all 93 Annex A controls, states which you have selected and which you have excluded, and provides justification for your decisions. Inclusions must be justified by the risk treatment process. Exclusions must be justified by evidence that the risk they address is not applicable to your scope. The SoA is reviewed by your certification auditor at Stage 1 and is the bridge between your risk treatment plan and your implemented controls.
Ready to Pursue ISO 27001 Certification?
From gap assessment through to certified ISMS - we guide you every step of the way, efficiently and without shortcuts.