ISO/IEC 27001 Services

ISO/IEC 27001 is the internationally recognised standard for information security management. Certification demonstrates to clients, partners, funders, and regulators that your organisation takes information security seriously, with the systems, controls, and governance in place to evidence that commitment.

Whether you are pursuing certification for the first time, preparing for an audit, or maintaining an existing management system, we can support you at every stage.

Our ISO/IEC 27001 services are delivered by a PECB-certified Lead Auditor and Lead Implementer, combining recognised training with practical experience in governance, risk, assurance, and organisational improvement.

Plain-language ISO/IEC 27001 support, practical documentation, and clear guidance at every stage of the certification journey.

Designed for organisations pursuing, preparing for, or maintaining ISO/IEC 27001 certification, especially those handling sensitive client, staff, operational, or referral information and needing structured support they can understand, evidence, and act on.

ISO/IEC 27001 services tailored to your organisation

Whether you are starting from scratch, preparing for certification, closing audit findings, or maintaining an existing ISMS, our services can be used individually or combined into a wider programme of support.

£1950

ISO 27001 Gap Analysis

The Right Place to Start

Before you can plan the journey to ISO 27001 certification, you need to know where you’re starting from. Our gap analysis is a structured, clause-by-clause assessment of your current information security arrangements against the standard, identifying specific shortfalls in controls, documentation, processes, and governance, and producing a prioritised action list so you know exactly what needs to be addressed.

Typical output: Clause-mapped gap register, RAG status by domain, prioritised action list.

Ideal for: Organisations new to ISO 27001 that need a clear, honest picture of where they stand before deciding how to proceed.

Final price depends on organisation size and complexity. All engagements begin with a scoping conversation and a fixed quote.

From £2,950

ISO 27001 Readiness Assessment

Are you ready for your certification audit?

Once you’ve identified your gaps and done some preparatory work, the next question is whether your organisation is genuinely ready to pursue certification, in terms of resource, timelines, leadership commitment, and cultural readiness. That’s what the readiness assessment addresses. This is not the right starting point for organisations new to ISO 27001, the gap analysis is the better first step.

Typical output: Readiness scorecard, effort and timeline estimate, resource requirements, go/no-go recommendation with reasoning.

Ideal for: Organisations that have begun preparing for ISO 27001 certification and want an evidenced, independent view of what the journey ahead realistically involves.

Final price depends on organisation size and complexity. All engagements begin with a scoping conversation and a fixed quote.

From £2,450

Internal Audit

Independent Eyes on Your ISMS

ISO 27001 requires regular internal audits, but internal auditors must be independent of the areas they’re auditing, which is a practical challenge for smaller organisations. We provide that independent function, either as a one-off audit or an ongoing retainer.

Typical outputs:

One-off: scoped audit, formal findings report, corrective action recommendations.

Ongoing retainer: planned audit programme, regular reporting, continuous improvement support. 

Ideal for: Organisations with an existing ISMS, certified or working toward it, that need independent internal audit capability.

Final price depends on organisation size, ISMS scope, and audit complexity. All engagements begin with a scoping conversation and a fixed quote.

Quote on request

ISMS Implementation Support

Building Your Information Security Management System

ISO/IEC 27001 certification requires a functioning Information Security Management System — with clear scope, documented policies, defined controls, a risk assessment process, and evidence that the system is being managed, monitored, reviewed, and improved.

We work alongside you to build this in a practical, proportionate way, whether you are starting from scratch, strengthening an existing approach, or picking up a partial implementation already underway.

Implementation support can include:

  • ISMS scope definition and documentation structure
  • Risk assessment and risk treatment methodology
  • Policy and procedure drafting or review
  • Statement of Applicability development
  • Annex A control implementation guidance
  • Evidence mapping and audit preparation
  • Management review preparation
  • Internal audit readiness support
  • Certification audit preparation and support

Every ISMS implementation engagement is scoped and quoted individually. Fixed quote before any work begins.

Ideal for:
Organisations that need structured support to build, document, and implement an ISO/IEC 27001 Information Security Management System, whether starting from scratch, restarting a stalled project, or turning existing controls into a certification-ready framework.

Pursuing Certification or Maintaining It, We Can Help With Both

If you’re pursuing certification for the first time, the typical journey begins with a gap analysis, moves into ISMS implementation support, and concludes with internal audit preparation ahead of your certification audit. We can support the full journey or pick up at any point.

If you’re already certified, we provide ongoing internal audit support and can assist with surveillance audits, recertification, and continuous improvement of your ISMS, including keeping pace with changes to your organisation or the standard itself.