ISO 27001

Certification Made Simple
Get your business certified faster — with expert support from start to finish.

ISO 27001 is the internationally recognised standard for information security management, helping organisations of all sizes protect their data, manage risks, and build customer trust. Achieving ISO/IEC 27001:2022 certification demonstrates your commitment to cybersecurity, compliance, and operational resilience. At IGCCD, we support UK businesses through every step of the ISO 27001 journey — from gap assessments and documentation to audit preparation — with expert, hands-on guidance designed for fast, affordable certification. No fluff. No filler. Just expert guidance to help you get certified quickly and confidently.

    • End-to-end ISO 27001:2022 implementation support

    • Free initial gap assessment

    • Customised policy pack and documentation templates

    • Help preparing for Stage 1 and Stage 2 audits

    • Audit-day support (remote or on-call)

    • Aligned with your existing tools and ways of working

    • Fixed-fee or flexible pricing

    • Delivered fully remote (UK-based support)

    • You’re bidding for public sector contracts that require ISO 27001

    • Your customers or investors are asking for evidence of security controls

    • You’ve had a breach or near-miss and want to tighten your governance

    • You’re scaling fast and want to build security into your culture

    • You’ve started ISO work but got stuck and need help finishing

  • We break ISO 27001 delivery into three key stages:

    1. Assess – Gap analysis to see where you stand

    2. Build – Documentation, risk treatment plans, policies, control implementation

    3. Support – Prepare for certification, liaise with certifiers, assist on audit day

    We work around your availability, using simple tools like shared folders, checklists, and email — no long meetings unless necessary.

  • Our work aligns with:

    • ISO/IEC 27001:2022 (latest revision)

    • Annex A controls (based on ISO/IEC 27002:2022)

    • Optionally: NCSC principles, Cyber Essentials, GDPR, NIS2

    • Integration with existing QMS or GRC tooling

    • UKAS-accredited certification body engagement (we can recommend or work with yours)

  • You will receive:

    • Full ISO 27001 Gap Assessment Report

    • ISMS Scope Document

    • Asset Register Template

    • Risk Assessment & Treatment Plans

    • 20+ Customisable Policies & Procedures

    • Statement of Applicability (SoA)

    • Internal Audit & Management Review Guidance

    • Pre-Audit Checklist

    • Audit-Day Support (Virtual or On-Call)

  • We use:

    • Google Workspace or Microsoft 365

    • Excel/Sheets-based registers

    • SharePoint, Drive, or Dropbox for shared folders

    • Your existing ticketing (Jira, Trello, etc.) if available

    • Optional: We can work inside your existing GRC tools (e.g. Vanta, Drata, ISMS.online) if provided

    No special software required — we adapt to your workflow.

  • To keep timelines tight and cost low, we’ll need from you:

    • A single point of contact

    • Access to existing documentation (if any)

    • Input for scoping, risks, and asset inventory

    • Management approval for control implementation

    • Timely responses to review drafts and schedule audits

    We’ll guide you through all of this — no prior experience needed.

  • Typical project durations:

    • Gap Assessment: 2–3 days

    • ISMS Design & Documentation: 2–4 weeks

    • Internal Review & Fixes: 1–2 weeks

    • Certification Audit Support: 1–2 weeks

    Total Duration: ~4–8 weeks (can be accelerated if needed)

  • Do you provide the ISO certificate?
    No — certification is issued by a UKAS-accredited body. We work with them and prepare you fully.

    Can this be done fully remotely?
    Yes. We’ve supported clients 100% remotely across the UK and EU.

    Do I need technical knowledge?
    No — we guide you through it in plain English and do the heavy lifting.

    Is this suitable for small teams?
    Yes. We support businesses from 2 to 200 people.

    What if I already started ISO 27001 work?
    No problem. We’ll pick up from where you left off and help you finish it properly.

  • We offer two models:

    1. Fixed Price (Recommended)
    Best for predictable scope and fast turnaround.

    Micro Org (1–10 staff): £950

    SME (11–50 staff): £1,800

    Larger orgs: Custom quote

    2. Pay-as-You-Go / Hourly Blocks
    For ad hoc help, audits, or reviews — £65/hr or £500/day

    Certification body fees are not included — we help you choose the right one.

Where information security meets mild sarcasm and serious results.