Achieve ISO 27001 certification

Everything you need to get ready for the Stage 1 audit in just 5 weeks.


Do you need to certify for ISO 27001 at the request of a client but you’re not sure where to start?

Between our self-help blog posts and consultancy services, we’ve got you covered. Find out if you’re ready for certification with our compliance checklist.

Find out if you're ready for ISO 27001 certification

An ISMS is an Information Security Management System.

Find out what it is and how it relates to the international standard ISO 27001 on Information Security Techniques.

Reading time: 13 minutes

What makes our consultancy programmes different?

Most certification programmes offered by ISO consultants are tailored to organisations with very large IT departments made up of several distinct teams. If your IT team is structured differently, you waste time and resources drafting documentation that is not relevant to your business and building an ISMS that is more complicated than it needs to be.

Only do the necessary work to certify your business quickly and cost-effectively.   

Our proven process can get your business ready for the Stage 1 audit in just 5 weeks


30 Minute Introductory session with an ISO 27001 Consultant. At the end
of the session you will know:
  • What a management system standard is, how it works and more
    specifically what an ISMS is
  • What a “risk-based approach” to decision making means in the context
    of ISO and BS standards
  • What steps to take to achieve certification for ISO 27001
  • How to define your scope for each standard
  • Some of the key terms and definitions
  • The core ISO 27001 requirements
  • What Annex A is about and how it links to the main body of the standard

Identify your information assets from our Asset Register templates.
Pick from 4 typical organisation profiles the one closest to you:
  • The "on-premise" organisation
  • The "Cloud" organisation
  • The "Virtual Service" organisation
  • The "Virtual SaaS" organisation
  • Or start from our blank template.

Define your risk management framework:
  • Build your Consequences and likelihood scoring matrix
  • Identify applicable risk from our risk catalogue based on your
    assets and activities
  • Score risks
  • Determine risk treatment plan
  • Determine your Statement of Applicability (SoA)

Writing your Documentation:
We strongly believe that only the minimum amount of
documentation should be produced; and it should be written
in a way that is meaningful to those who need it, i.e. your colleagues.

Our templates are in plain English and as short as possible.

Using our approach will likely give you no more than 20-25
different policies, procedures and spreadsheets to maintain.

Build your ISMS Tracker:
  • Use our spreadsheet templates to build your own ISMS tracker in
    SharePoint 365, Azure DevOps, Jira or Gitlab
  • Use our templates for all the forms you need, such as
    change requests, incident reports, nonconformities and more

Internal Audits:
Use our templates to plan your audit schedule and perform
internal audits yourself.

Operate your ISMS:
In the two to three months between the Stage 1 and Stage 2
audit, you will start implementing your ISMS and learn how to
use it in practice.
Don't forget you will need to demonstrate to the external assessor
at Stage 2 that your ISMS is in operation. Store your evidence:
  • Meeting minutes
  • Emails
  • Reports
  • ISMS Tracker and forms
  • Logs and audit trails

You are now ISO 27001 Certified.

Need a safe pair of hands?

Ask Elisabeth about achieving ISO 27001 certification
