Can you certify us yourselves?

No — and nobody legitimate can both prepare you and certify you. Certification has to come from an independent body. We prepare you so thoroughly that the audit is a formality.

How long does ISO 27001 take?

Typically several months to a year, depending on your starting point and how much already exists. It's a real programme, not a quick badge — we plan it in stages so it's manageable.

Is it overkill for a smaller business?

Sometimes Cyber Essentials Plus is the right level and ISO 27001 is more than you need. We'll tell you honestly — we won't sell you a programme you don't require.

What happens after certification?

ISO 27001 is ongoing — surveillance audits, internal reviews and continual improvement. We set up those rhythms so the certification stays valid and meaningful.

ISO 27001 Preparation

Audit-ready, without the headache.

ISO 27001 is the gold standard for information security management — and a serious undertaking. We do the heavy lifting: controls, evidence and the policy library that gets you ready for assessment.

Request a callback See all services

What it is

The serious standard.

ISO 27001 is the international standard for managing information security. Winning it tells enterprise clients and regulators that security is run as a proper management system, not a collection of good intentions. It's also a genuine undertaking — which is where we come in.

We prepare you for certification: scoping the system, building the controls and evidence, and assembling a policy library that auditors recognise. We're not the certifying body — that has to be independent — but we get you to the point where the audit is a formality, not a gamble.

What's included

Everything the auditor will ask for.

Scope & gap analysis

We define the boundary of your information security management system and measure where you are against the standard's requirements.

Policy library

A complete, tailored set of policies and procedures that map to the controls — written to be used, not just to pass an audit.

Risk register

A working risk assessment and treatment plan — the beating heart of ISO 27001, kept current rather than written once and shelved.

Controls implementation

We implement the technical and organisational controls, drawing on the same security work we do day-to-day.

Evidence & documentation

The records and evidence an auditor will ask for, organised so the assessment runs smoothly.

Toward continual improvement

We set up the internal audits and management reviews that keep certification alive year after year.

How it works

The long road, walked with you.

Scope

We define what the management system covers and run a gap analysis against the standard.

Build

Policies, risk register, controls and evidence — assembled into a coherent system that fits how you operate.

Embed

We help the system become business-as-usual, with internal audits and management reviews running properly.

Certify

We prepare you for the independent certification audit and support you through it. The audit confirms what's already true.

Part of the package

Included, not itemised.

You don't buy these one by one. It's all in the same managed package — here's more of what comes as standard.

All services

Start here

Let's make a plan.

A 10-minute call, straight answers, no pressure. We'll tell you if we're the right fit for your business — and we'll tell you if we're not.

Request a callback 01158 244 824

ISO 27001 questions