ISO 27001 — Information Security Management Systems

Made to measure based on size, industry, and unique information security risks

Whether you're starting from scratch, getting ready for your first certification or upgrading a mature ISMS to the latest standard.

An ISMS that is effective in your organisation

With many years of information technology and information security experience, we can help you build a lightweight ISMS that understands your business model, ensures effective controls and works alongside the technologies you build and use.

By tailoring security controls to your specific risks and industry, you'll end up with a system that keeps things safe without slowing you down.

Steps to ISO 27001:2022 certification

  1. Gap Analysis and scoping

    We conduct a comprehensive assessment of your current information security management system (ISMS) to identify gaps between your existing practices and ISO 27001 requirements.

    This analysis covers key areas such as risk assessment, security policies, access control, incident management, and business continuity planning, tailored to the specific needs of SMEs.

  2. ISMS Implementation

    We can assist in developing and implementing an ISMS that aligns with ISO 27001 standards, focusing on practical and resource-efficient processes.

    This includes co-creating necessary documentation, establishing security controls, and training your staff on new procedures.

  3. Stage 1 Audit

    Conducted by a certification body

    An initial assessment by the certification body to review your ISMS documentation and evaluate your readiness for the full certification audit.

  4. Stage 2 Audit (Certification)

    Conducted by a certification body

    A comprehensive audit to verify that your ISMS is fully operational and compliant with all ISO 27001 requirements.

    Upon successful completion, your business will be recommended for ISO 27001 certification.

  5. Continuous Improvement

    We can provide ongoing support to maintain and improve your ISMS, ensuring continued compliance and effectiveness.

    This includes regular internal audits, management reviews, and updates to address evolving security threats and business changes.

  6. Internal Audit

    We can help you set up and conduct an internal audit that suits your business, ensuring your ISMS is functioning effectively and in compliance with ISO 27001 requirements.

What we offer

ISO 27001:2022 Gap Analysis

IRCA Qualified 27001 Lead Auditor

A gap analysis is an in-depth method to understand where your business stands in relation to ISO 27001, and what you need to do to get to certification.

£3,750* One-time

A gap analysis can be conducted at any stage before or during your ISO 27001 journey. It provides a roadmap for your ISMS implementation, and a clear understanding of the work required to achieve certification.

  • RAG report
  • Existing controls evaluated
  • Actionable outcomes
  • A basis for implementation

*Based on a typical SME, conducted remotely at one site over 3.5 days.

ISMS Implementation

IRCA Qualified 27001 Lead Auditor

If you're ready to implement your ISMS, we can help you build a system that works for your business, and is ready for certification.

Using an external consultant is a cost-effective way to bring proven experience.

£POA

What we can offer:

  • Fully integrated ISMS
  • Processes developed to gain and maintain certification
  • Processes that match business scale and objectives
  • End to end management, or
  • Act as SME to support
  • We can join your existing team, or bring our own
  • Audit management
  • Negotiable timescale

Why ISO 27001:2022?

Starting your ISO 27001 journey for a tender, or just looking to scale your business with a competitive advantage?

Either way, implementing ISO 27001:2022, the International Standard for Information Security Management, can bring a number of benefits to organisations, maturing and growing with the company as it scales. The framework supports building trust with customers and partners, demonstrating a commitment to responsible information security and compliance practices.

Certification demonstrates your commitment to information security, and can be used as a competitive advantage when adopted early. By improving internal processes and structure, ISO 27001 encourages a culture of security awareness, leading to more resilient and successful companies and products.