
ISO 27001 is no longer a “nice to have”
It is increasingly a commercial, regulatory, and reputational requirement.
We help organisations move from fragmented security practices to a credible, auditable Information Security Management System (ISMS) that regulators, customers, and boards can rely on.
Why this matters
- Customers ask for it.
- Insurers price against it.
- Regulators expect evidence of it.
- Boards are accountable for it.
We help you meet those expectations—practically, proportionately, and defensibly.
Assess where you stand. Build what matters. Prove it works.

How we help
Clarity
Understand your current exposure, gaps, and readiness—before committing time or budget.
We assess where security exists on paper versus how it operates in practice, giving leadership a clear, independent view of risk and effort required.
ISO 27001 Service Tiers
Choose the level of support that matches your organisation’s maturity, urgency, and risk appetite.
Diagnose
ISO 27001 Readiness Assessment
Understand where you stand and what it will take.
Best for organisations exploring ISO 27001 or responding to early customer, regulator, or insurer pressure.
Includes
✔️ ISMS scope definition workshop
✔️ Policy and control review against ISO/IEC 27001:2022
✔️ Stakeholder interviews
✔️ High-level risk identification
You receive
✔️ Gap assessment report (clauses & Annex A)
✔️ Board-ready risk and readiness summary
✔️ Prioritised compliance roadmap
Outcome
Clear visibility on exposure, effort, timelines, and next steps.
Build
ISO 27001 Implementation Program
Design and embed an audit-ready ISMS.
Best for organisations committed to certification but lacking internal capacity or specialist expertise.
Includes everything in Diagnose, plus
✔️ ISMS framework design (mandatory clauses)
✔️ Risk assessment and risk treatment planning
✔️ Annex A control design and implementation
✔️ Policy and procedure authoring
✔️ Evidence and ownership guidance
You receive
✔️ Complete ISMS documentation suite
✔️ Statement of Applicability
✔️ Risk register and treatment plan
✔️ Audit preparation guidance
Outcome
A functioning, defensible ISMS aligned to your business operations.
Validate
ISO 27001 Audit Readiness & Assurance
(Internal Audit & External Audit Support)
Validate your ISMS and enter audits with confidence.
Best for organisations that have already implemented ISO 27001 internally or with another partner but want independent assurance and expert audit support.
Includes
✔️ Independent internal audit (Clause 9.2)
✔️ Audit findings classification (NCs, OFIs, risks)
✔️ Management review facilitation (Clause 9.3)
✔️ External auditor coordination and support
✔️ Corrective action and closure guidance
You receive
✔️ Internal audit report
✔️ Management review pack
✔️ Audit readiness checklist
✔️ Corrective action support until closure
Outcome
Reduced audit risk, clear remediation actions, and confident engagement with certification bodies.
Certify
ISO 27001 Certification Assurance
Stay supported until certification is achieved.
Best for first-time certifications, board-visible organisations, or organisations with a low tolerance for audit failure.
Includes everything in Build and Validate, plus
✔️ Internal audit (Clause 9.2)
✔️ Management review facilitation (Clause 9.3)
✔️ External auditor liaison (Stage 1 & Stage 2)
✔️ Corrective action and findings support
You receive
✔️ Internal audit report
✔️ Management review pack
✔️ Certification assurance support through audit
Outcome
A controlled, predictable certification process—with no surprises.
Not sure which one is right for you?
| Outcome | Readiness | Implementation | Audit Readiness & Assurance | Certification Assurance |
|---|---|---|---|---|
| Gap & risk clarity | ✔️ | ✔️ | ✔️ | |
| ISMS design & build | ✔️ | ✔️ | | |
| Policy & control implementation | ✔️ | ✔️ | | |
| Internal audit | ✔️ | ✔️ | | |
| Management review | ✔️ | ✔️ | | |
| External audit support | ✔️ | ✔️ | | |
| Best suited for | Exploration | Execution | Validation | End-to-end |


