Required in tenders, requested by insurers, scrutinized in due diligence: ISO 27001 has become the proof of digital trust. I support you from gap analysis to certification audit, and over time, with no paper compliance.
Assessment against the standard's requirements and the 93 controls of Annex A (2022 version), with a prioritized, costed action plan separating what protects from what documents.
Scope, risk analysis, statement of applicability, policies and living governance: a management system built for your real risks, not for the auditor.
Team readiness, mock audit, support through both stages of the certification audit, findings addressed through to certification.
Preparation of annual surveillance audits, management of corrective action plans on non-conformities through to closure: certification is a cruising regime, not a finish line.
My ISO 27001 references cover the full cycle: certification support delivered through the audit with a certification body, and corrective action plans managed in surveillance audit contexts, with dozens of non-conformities addressed and tracked to closure. The same foundation then serves NIS2 and DORA.
From 6 to 18 months depending on the starting maturity and the certified scope: gap analysis, ISMS build, control deployment, mock audit, then the two-stage certification audit. A milestone-driven journey avoids the two classic pitfalls: the project that stalls and the paper certification.
The certificate is valid for three years, with a surveillance audit every year and recertification at the end of the cycle. Non-conformities raised call for corrective action plans tracked to closure: this is often where organizations need support the most.
Yes, and it is a frequent case: taking over an existing ISMS, preparing a surveillance audit, managing a corrective action plan after major non-conformities. My references include precisely this type of engagement.
6 pillars, 36 questions, 8 minutes. Walk away with a snapshot of your gap to certification and your priorities.
→Start the self-assessmentOne 30-minute call and you know where you stand, the realistic trajectory and under what conditions to move forward.
→Book a qualification callFirst call free, no commitment. See also the Cybersecurity GRC page.