ISO 27001 Readiness, handled for you
ISO 27001 is the international standard for managing information security, and it is a significant undertaking. We help you build the framework behind it, an information security management system (ISMS), a risk assessment methodology and the controls that flow from them, sized sensibly for an SME.
We are not a certification body, so we do not issue the certificate itself. What we do is get your estate, documentation and evidence into shape, produce the Statement of Applicability and supporting records, and prepare your team so the external audit runs smoothly.
Enquire about ISO 27001 Readiness
Tell us what you need and a member of our team will be in touch, usually within one working day.
Send us a message
No spam, ever. We'll only use your details to get back to you.
More InfoSec & Compliance services
Cyber Essentials
A guided route to Cyber Essentials certification, from gap analysis and remediation to a passed assessment.
Cyber Essentials Plus
The independently audited level of Cyber Essentials, for contracts and tenders that demand hands-on verification.
GDPR Compliance
Practical GDPR controls, policies and records that meet your data protection obligations without the jargon.
Security Audits & Gap Analysis
Honest, independent audits that show exactly where your security stands and give you a clear plan to fix it.
Policies & Evidence Packs
Ready-to-share policies, evidence and reporting that prove your security posture to clients, insurers and tenders.
Your questions, answered
Common questions about iso 27001 readiness. Prefer to talk? Give us a call.
0330 333 8175No, certification must come from an accredited external body. We prepare your management system, controls and evidence so that audit is straightforward, and support you through it.
It can be, and we will tell you honestly if Cyber Essentials or a lighter approach fits better. Where clients or contracts require ISO 27001, we scale the work sensibly to your size.
Longer than Cyber Essentials, typically several months, because it involves building and embedding a management system rather than fixing a fixed set of controls.