ISO 27001 consulting.
Build a real information security management system - one your team actually uses. From greenfield ISMS implementation through to internal audits, with Bureau Veritas certified expertise.
What you walk away with.
Gap assessment
Current-state analysis against the standard's Annex A controls, with a clear roadmap and effort estimate.
Risk assessment & treatment
Risk register, treatment plan, and a review cadence built around your real assets and threats.
ISMS documentation
Policies, procedures, treatment plan, and the Statement of Applicability - written to be used, not filed.
Internal audit reports
Independent audits against the standard, evidence-backed findings, and corrective action tracking.
How it works.
Gap analysis
Where you are versus where ISO 27001 expects you to be. Honest scoping with realistic timelines.
Risk assessment
Identifying assets, threats, and treatment paths. Output is a risk register your team actually maintains.
Controls & documentation
Implementing applicable Annex A controls, building the Statement of Applicability, and writing the policies.
Internal audit
Testing the ISMS against itself before the external auditor does - findings tracked to closure.
Common engagements.
Greenfield ISMS
Start-to-finish implementation for teams new to ISO 27001 - from scope definition through to internal audit readiness.
Surveillance support
Maintaining the ISMS between annual surveillance audits - documentation updates, control evidence, continuous improvement.
Internal audit
Independent audits against the standard, contracted yearly or per cycle. Evidence-based findings tracked to closure.
ISMS maintenance
Ongoing management for teams without a dedicated security function. Treated as a long-term retainer.