ISO 27001 Certification

The global standard for information security management. Get certified in 10 weeks.

Fixed-fee engagement
5 phases
Overview

What is this service?

ISO 27001 is the international standard for information security management. It defines the requirements for an Information Security Management System (ISMS), a structured framework of policies, procedures, and controls that protects your organisation's information assets. For UK technology companies, ISO 27001 has become the de facto requirement for selling to enterprise clients, winning government contracts, passing investor due diligence, and qualifying for cyber insurance at favourable rates. Whether you are a SaaS platform targeting enterprise clients, a healthcare provider seeking NHS supply chain approval, a FinTech navigating FCA or DORA requirements, a manufacturer seeking supply chain inclusion, or any other organisation that handles sensitive data, ISO 27001 is your foundation.

Deliverables

What we deliver

Every engagement includes these core deliverables, tailored to your organisation.

Gap analysis and remediation roadmap
Full ISMS documentation suite (32 policies)
Risk assessment and risk register (150+ entries)
Statement of Applicability (93 Annex A controls)
Internal audit before Stage 2
Stage 1 and Stage 2 audit support
Staff awareness training (2 sessions)
3 months post-certification support
Our Process

How we get you certified

A proven, structured approach from kickoff to certification.

1
Week 1

Kickoff & Gap Analysis

Initial meeting, scope definition, gap analysis conducted, remediation roadmap delivered.

2
Weeks 2–5

Documentation Build

All ISMS policies written, risk assessment conducted, SoA drafted, asset inventory built.

3
Weeks 6–8

Controls Implementation

Technical and organisational controls implemented and evidenced, staff training delivered.

4
Week 9

Internal Audit

Full internal audit conducted, non-conformities identified and closed.

5
Weeks 10–12

External Audit

Stage 1 documentation review and Stage 2 compliance audit. Certificate issued.

Pricing

Transparent pricing

No hidden fees. No surprise invoices. Choose the tier that fits your organisation.

Essentials

Startups and SMEs up to 50 employees

Scoped to your business
  • Gap analysis
  • ISMS documentation
  • SoA
  • Risk register
  • 1 internal audit
  • Stage 1 + Stage 2 support
Most Popular

Professional

Scale-ups 50–150 employees

Scoped to your business
  • Everything in Essentials
  • Staff training
  • 6-month vCISO Basic
  • Surveillance audit support Year 1

Enterprise

150+ employees or regulated sectors

Scoped to your business
  • Everything in Professional
  • vCISO Standard 12 months
  • GDPR alignment layer
  • Year 1 + 2 surveillance
FAQ

Frequently asked questions

Our standard implementation runs 10–12 weeks from kickoff to Stage 2 audit. Complex organisations or those with significant existing gaps may take 14–16 weeks.

Ready to start your ISO 27001 journey?

Book a free gap analysis call. In 30 minutes you will know exactly where you stand, what it takes, and what it costs.

Most clients book their first paid engagement within 2 weeks of their gap analysis call.